The Biden administration disclosed previously secret details on Tuesday about the breadth of government-sponsored cyberattacks on American oil and gas pipelines over the past decade, as part of a warning to pipeline owners to heighten the security of their systems to ward off future attacks.

From 2011 to 2013, China-backed hackers targeted and in many cases breached nearly two dozen companies that own such pipelines, the FBI and the Department of Homeland Security revealed in a warning on Tuesday. For the first time, authorities said they believed the “intrusions were likely intended to gain strategic access” to the industrial control networks that operate the pipelines “for future operations, not for intellectual property theft.” In other words, the hackers were preparing to take control of the pipelines instead of just stealing the technology that made them work.

Of 23 natural gas pipeline operators that were targeted with a form of email scam known as spear phishing, the agencies said 13 were successfully compromised while three were “near misses”. The extent of the penetration into seven operators was not known due to a lack of data.

The revelations come as the federal government tries to mobilize the pipeline industry after a Russia-based ransomware group easily forced the closure of a pipeline network that supplies nearly half of the gasoline, kerosene and diesel that flows up the East Coast. This attack on the Colonial Pipeline, aimed at the company’s business systems rather than the operation of the pipeline itself, caused the company to stop shipping for fear of not knowing what the attackers would be able to do next. Long gasoline lines and bottlenecks followed, underscoring the urgency of President Biden’s efforts to protect the United States’ pipelines and critical infrastructure from cyberattacks.

The released report on China’s activities accompanied a security policy that obliges owners and operators of pipelines that have been classified as critical by the Transportation Security Administration to take specific measures to protect against ransomware and other attacks and to draw up a contingency and recovery plan. The exact steps have not been made public, but officials said they tried to address some of the major shortcomings identified in the review of the Colonial Pipeline attack. (The privately owned company said little about the vulnerabilities in its systems that the hackers exploited.)

The guideline follows another in May that required companies to report significant cyberattacks to the government. But that didn’t seal the systems.

The recently released report recalled that nation-state-backed hackers targeted oil and gas pipelines before cybercriminals found new ways to hold their operators hostage to extort ransom. Ransomware is a form of malware that encrypts data until the victim pays. The attack on the Colonial Pipeline resulted in it paying about $4 million in cryptocurrency, some of which the FBI recovered after the criminals left some of the money visible in cryptocurrency wallets. But, as one police officer said, it was a “blissful break”. Another ransomware attack several weeks later cost JBS, a manufacturer of beef products, $11 million. None of this has been recovered.

Nearly 10 years ago, the Department of Homeland Security said in the released report, it had begun to respond to break-ins at oil pipeline and electricity operators at an “alarming rate”. Officials successfully traced some of these attacks back to China, but in 2012 the hackers’ motivation was not clear: Did the hackers troll for trade secrets? Or were they positioning themselves for a future attack?

“We’re still trying to find out,” a senior American intelligence official told The New York Times in 2013. “You could have done both.”

However, Tuesday’s warning said the goal was to “compromise the US pipeline infrastructure.”

“This activity should ultimately help China develop cyberattack capabilities against US pipelines to physically damage pipelines or disrupt pipeline operations,” the warning said.

The alert was triggered by new concerns about the cyber defense of critical infrastructure that were brought to the fore by the attack on the Colonial Pipeline. This breach triggered an alert at the White House and Department of Energy, which found the country could have afforded only three days of downtime before local transport and chemical refineries came to a standstill.

Mandiant, a division of security firm FireEye, said the advice was in line with the China-backed break-ins it tracked at several natural gas pipeline companies and other critical operators from 2011 to 2013. But the company added a disturbing detail, noting that it “strongly” believed that, in one case, Chinese hackers had gained access to controls, allowing a pipeline to be shut down or possibly causing an explosion.

While the directive does not identify the victims of the pipeline break-ins, one of the companies infiltrated by Chinese hackers during the same period was Telvent, which oversees more than half of the oil and gas pipelines in North America. It discovered hackers in its computer systems in September 2012, only after they had been hanging around there for months. The company closed its remote access to its customers’ systems because it feared it could be used to shut down American infrastructure.

The Chinese government denied that it was behind the Telvent break-in. Congress failed to adopt cybersecurity laws that would have increased the security of pipelines and other critical infrastructure. And the country seemed to be moving on.

Almost a decade later, the Biden administration says the threat of hacking on America’s oil and gas pipelines has never been greater. “The lives and livelihoods of the American people depend on our collective ability to protect our country’s critical infrastructure from evolving threats,” Homeland Security Secretary Alejandro N. Mayorkas said in a statement Tuesday.

The May policy set a 30-day period to “identify any gaps and associated remedial actions to address cyber risks” and report them to the TSA and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

Shortly after taking office, Mr. Biden promised that improving cybersecurity would be a top priority. This month he met with top advisors to discuss options for responding to a wave of Russian ransomware attacks on American companies, including one on July 4th against a Florida company that provides software for companies that manage technology for smaller businesses.

And on Monday, the White House said that China’s Ministry of State Security, which oversees the secret service, was behind an unusually aggressive and subtle attack in March on tens of thousands of victims relying on Microsoft Exchange mail servers.

Separately, the Justice Department unsealed charges against four Chinese citizens on Monday for coordinating the hacking of trade secrets of companies in the aerospace, defense, biopharmaceutical and other industries.

According to the charges, China’s hackers operate from bogus companies, some on Hainan Island, and tap into Chinese universities not only to recruit hackers for the government but also to manage critical business operations such as payroll. This decentralized structure, say American officials and security experts, is intended to offer the Chinese Ministry of State Security plausible deniability.

The charges also revealed that China’s “pro-government” hackers ran their own for-profit ventures and carried out ransomware attacks that extorted millions of dollars from companies.

Eileen Sullivan contributed reporting.


