US Pipeline Hacked | Cybersecurity Threats and Trends 2021 | The Cyber Review

May 10, 2021
Written by Farah

US fuel pipeline hackers 'didn't mean to create problems'

BBC Business

A US fuel pipeline, Colonial Pipeline, was hacked and went offline over the weekend. The cybercriminal gang address the incident on their website saying, "Our goal is to make money and not creating problems for society."

The US issued emergency legislation on Sunday after the ransomware cyber-attack.

Sources said the ransomware attack was likely to have been caused by a cyber-criminal gang called DarkSide, who also made a statement on the website. The group locked the data on some computers and servers, then demanded a ransom.

The cybercriminal gang also said it had not been aware that Colonial was being targeted by one of its affiliates, saying: "From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."

The gang stole almost 100 gigabytes of data hostage, threatening to leak it onto the internet, but the FBI and other government agencies worked with private companies to respond. The cloud computing system the hackers used to collect the stolen data was taken offline on Saturday, Reuters reported.

A cybersecurity firm said the attack occurred due to the pandemic since engineers are remotely accessing control systems from home.

This incident highlights the fact that ransomware attacks can occur at government levels too which can have an impact on a national level, not just with private businesses.

A redacted screenshot of DarkSide's website on the dark web details its success in attacking a large US manufacturer
Screenshot of the information DarkSide has after the pipeline attack.

3 Emerging cybersecurity trends in 2021

There are going to be many new cybersecurity changes and trends this year, but there are a few to keep an eye out for:

Increasing cyber-attack surface:

2021 has seen one of the highest increases in attack surface. It's so important for businesses to understand and view this attack surface as what it truly is—a potential entry point of threats. Small businesses for example, suffered the most in finances due to the impact of the COVID-19 which made more small businesses embrace technological processes to reduce direct human-to-human interaction, thus the more use of technology opens more avenues to be attacked.

Critical Infrastructure threats will increase:

Cyberattacks on critical infrastructure have always been a top concern. Banks will still remain a target for hackers, but attackers are starting to target across the transportation, healthcare and energy sector, as highlighted in the article above with the US pipeline. Just within the year, government agencies have reported a high number of attacks and this is expected to increase further.

A more advanced use of multi-factor authentication:

Although having a strong password still remains a standard for security, there’s going to be a rise in the use of multi-factor authentication.

Multi-factor authentication involves a set of ways to double check this is the right person trying to access a system or platform. A common example is, sending one-time codes to phones or emails to enter.

However, 2021 will feature a more advanced use of the feature. Microsoft has already announced its plan to move from phone-based multi-factor authentication as a result of weak telephone network security.

Your old mobile phone number could compromise your cybersecurity

Princeton University conducted a study and released a paper assessing the security and privacy risks of phone number recycling by mobile characters in the United States.

Everytime you change your phone number, the carrier recycles it and gives it to someone else. The carriers report doing this in order to avoid 'number exhaustion,' or a situation where all possible numbers have already been used for each mobile phone.

The problem arises when these recycled phone numbers actually end up giving new customers access to the private information of previous phone users. A recycled number could pose security risks for many users, if a new customer decides to hack into the phone.

For example, the Princeton study cites one instance wherein a new user of a phone received multiple text updates regarding a previous user's medical information and upcoming spa appointments. While not necessarily dangerous in the hands of a non-malicious user, this information still constitutes personal user information.

In addition, multi-factor authentication is used with phones and many people use their phone number as login credentials which can be dangerous when recycling phone numbers.

In fact, the researchers discovered that 66 percent of recycled numbers sampled still had connections to the online accounts of previous customers. Furthermore, out of 259 surveyed phone numbers, 215 had been recycled and remained vulnerable to at least three types of attacks. They further report that of 200 recycled numbers assessed over one week, 19 of them still received private messages and sensitive calls intended for previous owners.