Colonial Pipeline, which provides 45% of the East Coast’s fuel, paid the hackers that shut down its network nearly $5 million but the decryption tool ultimately wasn’t effective in restoring operations, according to a Bloomberg report. Colonial, which shut down its pipeline after its IT operations were hacked May 7, was able to recover by relying on system backups, Bloomberg reported, and is slowly resuming operations.
U.S. officials and cybersecurity experts have linked the Colonial Pipeline attack to a Russian-speaking criminal gang known as DarkSide, believed to be based in Eastern Europe.
This latest high-profile ransomware attack left Americans scrambling for fuel in the Southeast and serves as a reminder of the vulnerabilities of not just the U.S.’s aging energy infrastructure but all critical infrastructure globally.
Across the globe, cyber attackers are increasingly taking aim at the critical infrastructure that underpins modern society with ransomware attacks, a type of attack that locks up a victim’s computer systems and demands payment – usually in cryptocurrencies – to have the files released.
The CyberPeace Institute, a Geneva-based non-profit organization that seeks accountability in cyberspace, reports that since November 2020 the number of global cyberattacks against the healthcare sector, including hospitals, has risen by 45%, compared to an average of 22% in other sectors.
A February report from IBM found that the energy industry was the third most targeted sector for such attacks in 2020, behind only finance and manufacturing. That was up from ninth place in 2019.
“The bottom line is that attacks targeting operational technology – the industrial control systems on the production line or plant floor – are becoming more frequent,” Algirde Pipikaite, Cyber Strategy Lead at the World Economic Forum’s Centre for Cybersecurity, said in a prepared statement. “Unless cybersecurity measures are embedded in a technology’s development phase, we are likely to see more frequent attacks on industrial systems like oil and gas pipelines or water treatment plants. Cybersecurity vulnerabilities have become a systemic issue. It needs strategic oversight to ensure that operations have preventative controls and an appropriate response plan if and when attackers breach a system.”
A World Economic Forum task force recently published a report entitled Combating Ransomware: A Comprehensive Framework for Action, outlining actions that governments, businesses and non-profits can take to deter ransomware criminals and disrupt their business model. It urges the international community to coordinate efforts to develop a single, widely adopted “ransomware framework” that will help organizations prepare for and respond to ransomware attacks.
Among other things, the report recommends the creation of government cyber response and recovery funds; that businesses and other organizations be required to report ransom payments; and that organizations be mandated to consider alternatives before making payments.
The report suggests that international diplomatic and law enforcement agencies declare ransomware a priority and carry out a comprehensive and resourced strategy, which would include measures to prevent nation states from providing a safe haven to ransomware organizations. It also calls for governments to regulate the cryptocurrency sector more closely, and ensure exchanges, kiosks and over-the-counter trading desks comply with existing regulations, including know your customer, anti-money laundering, and combating financing of terrorism laws.
Governments are paying attention. On May 12 U.S. President Joe Biden signed an Executive Order to improve the U.S.’s cybersecurity and protect federal government networks. “Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals,” said a White House statement. “These incidents share commonalities, including insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents.”
The White House’s new Executive Order on Cybersecurity focuses on three important areas for improving US security: better oversight, greater standardization, and more cooperation to fight cybercrime. “Overall, it is a call to focus on cybersecurity as a strategic issue requiring the highest executive attention,” says the Forum’s Pipikaite. “Now, whenever the federal government buys software, tech suppliers will have to provide the full picture and an understanding of where their code is coming from and who wrote it. This is much needed support for transparency and accountability in the digital supply chain.”
The Order also emphasizes public-private cooperation, “which is vital for our shared security and resilience,” she says.
IN OTHER NEWS THIS WEEK
Airbnb Pricing Algorithm Led To Increased Racial Disparities
Low uptake of an optional pricing algorithm on Airbnb by black hosts had the effect of widening racial disparities in earnings on the platform, a new study has found. “The most surprising finding was that even though the algorithm was benefiting both black and white [hosts] more, it led to greater social inequality in the whole population, because of significantly [lower] adoption rates amongst black hosts,” said Param Vir Singh, the paper’s author and a professor at Carnegie Mellon University. “So even a well-meaning algorithm can lead to greater social inequality . . . there are unintended consequences of algorithms,” he added.
A New Gene Editing Tool Could Rival CRISPR
A team led by the famed synthetic biologist George Church at Harvard University has hijacked a strange piece of bacterial biology. The result is a powerful tool that can—in theory—simultaneously edit millions of DNA sequences, with a “bar code” to keep track of changes. All without breaking a single delicate DNA strand. For now, these biological tools, called “Retron Library Recombineering (RLR),” have only been tested in bacterial cells. But “this work helps establish a road map toward using RLR in other genetic systems, which opens up many exciting possibilities for future genetic research,” said Church.
FOOD AND AGRICULTURE
MeaTech 3D Will Produce Cultivated Fat, Whole Steaks At New Production Facility
Israeli bioprinting startup MeaTech 3D is the latest cultivated meat company to announce a pilot production facility, which the company intends to have operational in 2022. MeaTech said it will use the facility to increase the production of cultured chicken fat from Peace of Meat, a Belgian company MeaTech acquired in December of 2020. MeaTech says cultured fat can “significantly enhance” the texture, flavor, and mouthfeel of plant-based meat alternatives, giving them an altogether “meatier” taste than is available with current plant-based meat analogues. It plans to license its cultivated fat tech — including cell lines and bioprocesses — to other companies wishing to improve their plant-based products. The company will additionally continue to develop a process for whole cuts of cultivated meat — namely steak and chicken breast — using 3D bioprinting tech.
Facebook-backed Currency Project Narrows Focus To The U.S.
The Facebook-led digital currency project Diem (formerly called Libra) is shifting its operations to the U.S. and will partner with a domestic bank to issue a US-dollar backed stablecoin, in a big downgrade from its initial global vision. The project, which is supported by 26 businesses and non-profits, has also dropped its application to the Swiss Financial Market Supervisory Authority to operate as a payments service, and will instead apply to register as a money services business with the US Treasury.
Panasonic To Buy Supply Chain Software Provider
Panasonic agreed to pay $7.1 billion for U.S. supply-chain software provider Blue Yonder Holding in a bid to accelerate its software business. The Covid-19 pandemic is leading to sharp changes in supply and demand, making supply-chain management critical for companies.