Colonial Pipeline suffers server gremlins, says it's not due to another ransomware infection

The Colonial Pipeline is in a bit of trouble again. The oil conduit that shut down this month after its operators were hit with ransomware suffered glitches with its technology on Tuesday while trying to sort out its IT woes. The temporary computer outage was, so the Colonial Pipeline company said on Twitter, “not related to …

  1. Anonymous Coward

    Stuck on the Software Treadmill

    Let me guess what's happened. Their vulnerable software was running on an older Windows version and part of the recovery process was to update to "the latest" version. The result will be that they're now hardened against attackers but half their applications are now not working properly.

    (Rumor has it that they were taken down by a single phishing email. Anyone able to confirm this?)

    1. Anonymous Coward

      Re: Stuck on the Software Treadmill

      There I was thinking they had maybe locked down their firewall and applications stopped working...

      One would hope that the oil/gas industry knows a thing or two about firewalls.

    2. sanmigueelbeer

      Re: Stuck on the Software Treadmill

      "Rumor has it that they were taken down by a single phishing email. Anyone able to confirm this?"

      Well, the company advertised for an InfoSec position.

      What if someone submitted a rigged document disguised as a CV? Talk about "social engineering".

    3. HereIAmJH

      Re: Stuck on the Software Treadmill

      My guess would be that they hardened their network; turning off protocols, crypto suites, and ports that are vulnerable or not needed. And as a result their distributed software couldn't make the connections to various services it needed.

      As an example, I've seen .NET 4.7.x applications running on Win2016 that would insist on using TLS10 on a system that only has TLS12 enabled. So the apps fail when you start locking down.

      Since they neglected security until it was too late, now they will have lots of heartburn while they clean and secure their systems.
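The failure mode described in the comment above (a .NET Framework client still offering TLS 1.0 on a host where only TLS 1.2 is left enabled) can be checked before hardening. The script below is an added example, not part of the thread or of any tool mentioned in it; it only reads the standard Schannel and .NET Framework registry values and assumes the v4.0.30319 runtime keys are the ones in use.

```powershell
# Added example, not from the thread. Read-only audit; changes nothing.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$netKeys  = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'

function Get-RegValue([string]$Path, [string]$Name) {
    # $null means the value is absent, so the built-in default applies.
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $p) { $p.$Name }
}

# 1. Which protocol versions has Schannel been told to allow?
$protocols = foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path $schannel "$proto\$role"
        [pscustomobject]@{
            Protocol          = $proto
            Role              = $role
            Enabled           = Get-RegValue $key 'Enabled'
            DisabledByDefault = Get-RegValue $key 'DisabledByDefault'
        }
    }
}

# 2. Is .NET Framework told to follow the OS defaults?
$dotnet = foreach ($key in $netKeys) {
    [pscustomobject]@{
        Key                      = $key
        SchUseStrongCrypto       = Get-RegValue $key 'SchUseStrongCrypto'
        SystemDefaultTlsVersions = Get-RegValue $key 'SystemDefaultTlsVersions'
    }
}

$protocols | Format-Table -AutoSize
$dotnet    | Format-List

# 3. Flag the combination: TLS 1.0 off for clients, .NET not pinned to OS defaults.
$tls10Off = $protocols | Where-Object {
    $_.Protocol -eq 'TLS 1.0' -and $_.Role -eq 'Client' -and $_.Enabled -eq 0
}
$unpinned = $dotnet | Where-Object {
    $_.SchUseStrongCrypto -ne 1 -or $_.SystemDefaultTlsVersions -ne 1
}
if ($tls10Off -and $unpinned) {
    Write-Warning 'TLS 1.0 is disabled for clients, but these .NET keys do not force OS defaults:'
    $unpinned.Key | ForEach-Object { Write-Warning "  $_" }
}
```

Where the two .NET values are unset, behaviour depends on the framework version each application targets, and an application that sets `ServicePointManager.SecurityProtocol` in code will not show up in a registry audit at all.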

  2. Pascal Monett Silver badge
    Flame

    "but then opted to restore from its own backups anyway"

    Great.

    So you rewarded criminals for nothing.

    I hope that gets put on your tombstone.

    1. rcxb Silver badge

      Re: "but then opted to restore from its own backups anyway"

      Not necessarily. They may have restored from a previous backup to get their system up and running quickly, but would have still needed the decryption tool to get the most current data (e.g. sales) for use later. It's a shame the criminals didn't want more.

  3. Anonymous Coward
    Boffin

    We'll never know

    As far as the hack itself, to quote one consulting firm: "We found glaring deficiencies and big problems," said Robert F. Smallwood, whose consulting firm delivered an 89-page report in January 2018 after a six-month audit. "I mean an eighth-grader could have hacked into that system."

    As far as the problem with their nomination process (which is apparently oil speak for requesting a delivery), they say that they were hardening their system as it was restored. But the actual processing of nominations is done by an independent company, Transfer4, so no one (least of all them) knows what they did to bork the data interactions.

    Since Colonial Pipeline is unregulated and Transfer4 is a private company, we'll probably never know the details.

    1. jake Silver badge

      Re: We'll never know

      "we'll probably never know the details."

      I rather suspect that the clusterfuck was so fucked that THEY will never know, either. That's what happens when Moneybags controls the network, instead of IT.

      Been there, done that, all too many times. Moneybags never learns.

  4. a_yank_lurker

    Returning to Normal

    Living in the affected area, gas (petrol) is becoming easier to find though there are still spot outages at the retail level. I have been able to find gas near me without any problem. It looks like we will be back to normal in about a week or so. The 'official' start of the summer season starts the Memorial Day weekend (last weekend in May) so returning to normal will be most welcome.
