InfoSec Round-Up May 14th

Pipeline Attack, Ethical Phishing & UK Cybercrime Warning

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

US Pipeline Hacked

A US fuel pipeline had been taken down following what is reported to be a major ransomware attack.

Colonial Pipeline, the largest fuel pipeline in the United States, which supplies 45% of the east coast’s fuel, was forced to shut down their entire network and temporarily suspend operations in an effort to contain the problem. A move which has seen shortages, rising prices and panic buying.

With the FBI confirming the attack as being the work of relatively new, Russia-based crime syndicate ‘Darkside’, the group have described themselves as ‘apolitical’, as well as stating via their website that their “goal is to make money and not [create] problems for society”.

Interestingly the group also expressed something akin to regret, noting, “From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

Colonial Pipeline has issued a statement: “In response to the cybersecurity attack on our system, we proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems. To restore service, we must work to ensure that each of these systems can be brought back online safely.”

Simulated Phishing Attack Criticised

West Midlands Trains have been criticised after having sent a simulated phishing campaign which promised a one-time bonus for hard work during the pandemic.

Send to 2,500 employees of the UK rail operator, the inauthentic communication was designed to test staff security awareness, though according to union leaders was “crass” and “cynical” due to the context and content of the test.

Duping users with a message from the train operators managing director and offering a fictitious bonus as a thanks for the “huge strain placed upon a large number of [their] workforce”, some have suggested the company should in fact pay real bonuses as recompense.

Defending their actions, a spokesperson for West Midlands Trains noted that cybersecurity is a matter that they take very seriously and that the design of the email was not uncommon to real phishing attacks.

General secretary of the Transport Salaries Staffs’ Association (TSSA) union, Manuel Cortes has stated, “They could have and should have used any other pretext to test their internet security. It’s almost beyond belief that they chose to falsely offer a bonus to workers who have done so much in the fight against this virus.”

UK Cybercrime Warning

Speaking at the National Cyber Security Centre’s (NCSC) CYBERUK conference, foreign secretary Dominic Raab has issued a warning to nation states, including Russia, about the sheltering of cyber criminals.

Covering a variety of topics regarding the modern state of cyber and information security, Raab emphasised the increased importance of defending against hostile actors, specifically noting that states such as Russia “can’t just wave their hands and say it’s nothing to do with them.” Adding, “Even if it is not directly linked to the state, they have a responsibility to prosecute those gangs and individuals.”

Describing the battle against hostile actors as a “war of attrition”, the foreign secretary also announced £22 million in new funding to support cyber security efforts across the world, including work with Interpol to establish a new cyber-operations hub in Africa.

Referencing many high-profile threats to national infrastructure, including the US pipeline ransomware incident, Raab highlighted attacks on the education sector, democratic institutions and the Covid vaccination supply chain, asserting that it “seems that almost nothing is off limits for these cyber criminals.” Adding, “they want to undermine the very foundations of our democracy.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.