News Article: Criminal group originating from Russia believed to be behind pipeline cyberattack (criminal gang called DarkSide, AP says)

Bamaro

Hall of Fame
Oct 19, 2001
23,839
5,479
187
Jacksonville, Md USA
(CNN) A criminal group originating from Russia named "DarkSide" is believed to be responsible for a ransomware cyberattack on the Colonial Pipeline, according to a former senior cyber official.
DarkSide typically targets non-Russian speaking countries, the source said. The attack has led the White House to form an interagency working group over the weekend to prepare for various scenarios, including whether additional steps need to be taken to mitigate any potential impact on fuel supply, a White House official said Sunday.
Bloomberg and The Washington Post have also reported on DarkSide's purported involvement in the cyberattack.

Colonial Pipeline Company said Sunday it is working to develop a restart plan for its pipeline system, which was temporarily shut down to contain the threat.
The company's main lines remain offline, but some smaller lines between terminals and delivery points are now operational, the company said in a statement Sunday, adding that it "will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations."
 

2003TIDE

Hall of Fame
Jul 10, 2007
7,234
2,251
187
ATL
I've seen the aftermath of "DarkSide" ransomware in the wild. Nasty stuff. Like log into your backup system and delete all your backups before encrypting your data nasty.
 

4Q Basket Case

FB|BB Moderator
Nov 8, 2004
6,566
4,091
237
Tuscaloosa
I've seen the aftermath of "DarkSide" ransomware in the wild. Nasty stuff. Like log into your backup system and delete all your backups before encrypting your data nasty.
I’m curious ….are most hacks like this truly hacking in from the outside, or is there usually inside help?

Reason I ask is that when I retired two years ago from a large regional bank, I had worked on several project teams with the head of IT security (I wasn’t in IT, I just dealt with them a lot).

He said that the industry as a whole had made so much progress in preventing truly external threats that it was now far easier for the bad guys to compromise an employee than to hack in. Someone needs money to feed a drug or gambling addiction… a boyfriend owes money to people who take a Louisville Slugger to knees and the girlfriend can make that go away by “misplacing” a password… someone‘s disgruntled because they got passed over for a promotion.

Could be any of a zillion sets of circumstances, but the real threat was no longer from the outside. It was compromised employees on the inside.

I realize that was two years ago, an eternity in the world of IT. So is that still the case, and does it change for truly elite-level state-sponsored cyber attacks?
 

Jon

Hall of Fame
Feb 22, 2002
13,598
6,680
182
Atlanta 'Burbs
I’m curious ….are most hacks like this truly hacking in from the outside, or is there usually inside help?

Reason I ask is that when I retired two years ago from a large regional bank, I had worked on several project teams with the head of IT security (I wasn’t in IT, I just dealt with them a lot).

He said that the industry as a whole had made so much progress in preventing truly external threats that it was now far easier for the bad guys to compromise an employee than to hack in. Someone needs money to feed a drug or gambling addiction… a boyfriend owes money to people who take a Louisville Slugger to knees and the girlfriend can make that go away by “misplacing” a password… someone‘s disgruntled because they got passed over for a promotion.

Could be any of a zillion sets of circumstances, but the real threat was no longer from the outside. It was compromised employees on the inside.

I realize that was two years ago, an eternity in the world of IT. So is that still the case, and does it change for truly elite-level state-sponsored cyber attacks?
That guy was BS'ing to sound cool

Most "hacking" is actually phishing the stupid, not pressuring the weak. Sure, some of what he describes happens, but "most"? Not even close.
 

2003TIDE

Hall of Fame
Jul 10, 2007
7,234
2,251
187
ATL
I’m curious ….are most hacks like this truly hacking in from the outside, or is there usually inside help?

Reason I ask is that when I retired two years ago from a large regional bank, I had worked on several project teams with the head of IT security (I wasn’t in IT, I just dealt with them a lot).

He said that the industry as a whole had made so much progress in preventing truly external threats that it was now far easier for the bad guys to compromise an employee than to hack in. Someone needs money to feed a drug or gambling addiction… a boyfriend owes money to people who take a Louisville Slugger to knees and the girlfriend can make that go away by “misplacing” a password… someone‘s disgruntled because they got passed over for a promotion.

Could be any of a zillion sets of circumstances, but the real threat was no longer from the outside. It was compromised employees on the inside.

I realize that was two years ago, an eternity in the world of IT. So is that still the case, and does it change for truly elite-level state-sponsored cyber attacks?
LOL at the bold part.

To answer your question, though: it came in via a payload attached to an email.
 
Reactions: crimsonaudio

B1GTide

TideFans Legend
Apr 13, 2012
37,776
24,420
187
The key to stopping these attacks is the use of a password management tool which changes administrative account passwords very frequently. Even if they get an admin password, they only have it for an hour, max.
 

4Q Basket Case

FB|BB Moderator
Nov 8, 2004
6,566
4,091
237
Tuscaloosa
LOL at the bold part.

To answer your question, though: it came in via a payload attached to an email.
Even two years ago, we had all sorts of training on that, and probably a test phishing / toxic attachment email a month.

Penalties for falling for it started with a nastygram from HR, and got incrementally more severe, up to and including termination. And yes, a few people were stupid enough to fall for it so many times that they were terminated.
 

2003TIDE

Hall of Fame
Jul 10, 2007
7,234
2,251
187
ATL
, a few people were stupid enough to fall for it so many times that they were terminated.
You only need one person to fall for it once and your company could be on the news.

The key to stopping these attacks is the use of a password management tool which changes administrative account passwords very frequently. Even if they get an admin password, they only have it for an hour, max.
That is part of the answer. MFA is big too, but some of this is using Windows vulnerabilities to elevate without creds.

Thing is there are a lot of good people in IT, but there are also a lot of lazy and dumb ones too.
 

2003TIDE

Hall of Fame
Jul 10, 2007
7,234
2,251
187
ATL
Let me add this for any IT ppl out there. After seeing something delete backups and actually infect ESXi hosts with compromised domain creds, I'd think long and hard about AD integration for any core infrastructure (network gear, firewalls, storage, virtualization hosts, etc.) unless I could be 100% sure it was MFA'd.
 
Reactions: Jon and B1GTide
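The two things 2003TIDE describes, backups wiped and a hypervisor reached with domain credentials, both leave a trail in logs before the encryption starts. The script below is an added example written for this thread (not code from any poster or product) showing the detection logic a defender would run over backup-server and hypervisor logs: it raises one alert when an account deletes several backup jobs inside a short window, and another when a domain account (rather than a local one) authenticates to a host on the core-infrastructure list. The log lines, the host names, the `CORP\` domain prefix and the thresholds are all constructed assumptions for the example.

```python
"""Detection logic for backup wipe-outs and domain-credential use on core
infrastructure.  Added example, not from the thread; log format and hosts are
constructed assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: hosts that should only ever see local (non-AD) logins.
CORE_HOSTS = {"esxi01", "esxi02", "san01", "fw01"}
# Assumption: more than this many backup deletions per account within the
# window is treated as a wipe, not routine housekeeping.
DELETE_THRESHOLD = 3
DELETE_WINDOW = timedelta(minutes=10)

# Constructed sample log (key=value style).  The service account deletes four
# backup jobs in under a minute, then logs into a hypervisor.
LOG = """\
2021-05-09T02:10:11Z host=backup01 user=CORP\\svc-backup action=login src=10.1.5.20
2021-05-09T02:11:02Z host=backup01 user=CORP\\svc-backup action=delete_backup job=fs-daily
2021-05-09T02:11:09Z host=backup01 user=CORP\\svc-backup action=delete_backup job=sql-daily
2021-05-09T02:11:15Z host=backup01 user=CORP\\svc-backup action=delete_backup job=mail-daily
2021-05-09T02:11:21Z host=backup01 user=CORP\\svc-backup action=delete_backup job=vm-weekly
2021-05-09T02:14:30Z host=esxi01 user=CORP\\svc-backup action=login src=10.1.5.20
2021-05-09T02:15:00Z host=esxi01 user=root action=login src=10.1.0.9
2021-05-08T14:00:00Z host=backup01 user=CORP\\alice action=delete_backup job=test-job
"""


def parse(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def is_domain_account(user):
    """DOMAIN\\user or user@domain forms are AD accounts; bare names are local."""
    return "\\" in user or "@" in user


def detect(log_text):
    """Return a list of (rule, account, host) alerts for the given log text."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    alerts = []

    # Rule 1: sliding window of delete_backup events per account.
    recent = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["action"] != "delete_backup":
            continue
        times = recent[e["user"]]
        times.append(e["ts"])
        while times and e["ts"] - times[0] > DELETE_WINDOW:
            times.pop(0)
        # Fire exactly once, when the threshold is first crossed.
        if len(times) == DELETE_THRESHOLD:
            alerts.append(("mass_backup_deletion", e["user"], e["host"]))

    # Rule 2: a domain account authenticating to a core-infrastructure host.
    for e in events:
        if (e["action"] == "login" and e["host"] in CORE_HOSTS
                and is_domain_account(e["user"])):
            alerts.append(("domain_account_on_core_infra", e["user"], e["host"]))

    return alerts


if __name__ == "__main__":
    for rule, account, host in detect(LOG):
        print(f"ALERT {rule}: {account} on {host}")
```

Rule 2 is the detective counterpart to the advice in the post: if core infrastructure is kept off the domain, any domain-style account name in its auth log is itself the anomaly; if it is AD-integrated, the same rule still tells you which accounts reached the hypervisors after a backup wipe.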

B1GTide

TideFans Legend
Apr 13, 2012
37,776
24,420
187
Let me add this for any IT ppl out there. After seeing something delete backups and actually infect ESXi hosts with compromised domain creds, I'd think long and hard about AD integration for any core infrastructure (network gear, firewalls, storage, virtualization hosts, etc.) unless I could be 100% sure it was MFA'd.
I am not an IT person, per se. I work in mergers and acquisitions. But it requires a much higher level of sophistication across an IT department, including a much larger IT spend, to achieve this.

2FA is not expensive, but the rest is, and managing it is expensive.
 

B1GTide

TideFans Legend
Apr 13, 2012
37,776
24,420
187
Guess it’s kind of like Derek Bok’s comment on education… If you think IT security is expensive, just try life without it.
For small companies, it is a risk/reward formula. Buy Cyber insurance and hope for the best. The larger your business, the more complex the cost/benefit analysis becomes.

I think that it really comes down to the type of data that you are trying to protect. Some industries have state and federal regulations which require the investment.
 
Reactions: crimsonaudio

jthomas666

Hall of Fame
Aug 14, 2002
20,049
4,029
187
58
Birmingham & Warner Robins
We get cybersecurity refresher training every year. In the last course, one of the things they noted is that in many cases, hackers will tailor a phishing email at a specific person within an organization--making the email appear to come from the person's supervisor, for instance.
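The tailored phish jthomas666 describes usually borrows the supervisor's display name while the actual address sits in an outside domain, or quietly points Reply-To somewhere else. The script below is an added example for this thread (not from any poster's employer or training course) that parses a raw message with Python's standard `email` package and reports exactly those mismatches, plus an attachment with a macro or executable extension. The internal domain, the staff directory and the sample message are constructed assumptions.

```python
"""Header checks for display-name impersonation in inbound mail.
Added example, not from the thread; domain, directory and message are constructed."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"                      # assumption
DIRECTORY = {"Jane Boss": "jane.boss@example.com"}   # assumption: name -> real address
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".iso", ".docm", ".xlsm")

# Constructed sample: supervisor's name, outside domain, diverted Reply-To,
# macro-enabled attachment.
SAMPLE = b"""\
From: Jane Boss <jane.boss@example-mail.net>
To: staff@example.com
Reply-To: jane.boss@freemail.example.org
Subject: Urgent invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached invoice today.
--b1
Content-Type: application/octet-stream; name="invoice.docm"
Content-Disposition: attachment; filename="invoice.docm"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""


def domain_of(addr):
    """Lower-cased part after '@', or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyse(raw):
    """Return a list of findings (empty list means no header anomaly)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)

    # 1. Display name of a known colleague, but the address is not theirs.
    if name in DIRECTORY and addr.lower() != DIRECTORY[name]:
        findings.append(f"display name '{name}' used from {addr} (directory: {DIRECTORY[name]})")

    # 2. Reply-To points at a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_domain:
        findings.append(f"Reply-To diverted to {reply}")

    # 3. Attachment with an executable or macro-enabled extension.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {fname}")

    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE):
        print("FLAG:", f)
```

None of these checks reads the body, so they are cheap enough to run on every inbound message; the display-name rule is the one that catches the "looks like it came from my boss" case, and it only works if the directory is kept current.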
 

TIDE-HSV

Senior Administrator
Staff member
Oct 13, 1999
75,238
19,566
437
Huntsville, AL,USA
That guy was BS'ing to sound cool

Most "hacking" is actually phishing the stupid, not pressuring the weak. Sure, some of what he describes happens, but "most"? Not even close.
Some of the phishes directed my way are really clever. Sometimes I have to just sit back, reread, trace down their server obscurations, look at the modification of origins I might trust, and admire their crooked handiwork...
 

Jon

Hall of Fame
Feb 22, 2002
13,598
6,680
182
Atlanta 'Burbs
Some of the phishes directed my way are really clever. Sometimes I have to just sit back, reread, trace down their server obscurations, look at the modification of origins I might trust, and admire their crooked handiwork...
I work for one of the world's largest cyber security vendors, and we do internal pseudo-phishing all the time using examples we find in the wild. It is funny, though: we are so well protected, because it is literally our business, that every time we do it people get caught falling for the phishing because "they can't believe a phishing attack could get through, so it must not be one...."

you are right some of the stuff out there is insanely creative
 

crimsonaudio

Administrator
Staff member
Sep 9, 2002
49,695
19,021
362
crimsonaudio.net
I'd be willing to bet I've lost work in the past based on my refusal to open any attachment that I've not been told to expect. I don't even think twice, regardless of who is sending it - it's deleted. Thankfully, there is some decent detection software available as well, so generally the bad stuff gets flagged and thrown into my junk folder for me to glance at before deletion, but yeah, I don't trust any email. Far too easy to spoof.
 

TIDE-HSV

Senior Administrator
Staff member
Oct 13, 1999
75,238
19,566
437
Huntsville, AL,USA
I work for one of the world's largest cyber security vendors, and we do internal pseudo-phishing all the time using examples we find in the wild. It is funny, though: we are so well protected, because it is literally our business, that every time we do it people get caught falling for the phishing because "they can't believe a phishing attack could get through, so it must not be one...."

you are right some of the stuff out there is insanely creative
The closest I've come to getting caught was about 20 years ago. I got an email saying that my card hadn't cleared because of a mixup. It was a Regions card. Well, it truly had happened a week before. I sighed and thought "not again," and followed the link. It was a perfectly rendered Regions page. I dutifully filled in the account number. It had a block for the three digit PIN at the bottom. I thought to myself that they didn't need that and hit "send." Immediately a bolded message came back - "You must enter your PIN!" I then woke up and closed the page. I then called the 800 number and canceled the card. Underneath the URL, the real site they'd borrowed was an Estonian maker of specialty sports clothing, like Formula One, World Cup skiing, etc. I notified them but got no reply.

One other incident happened with a Citibank card. I used it only for office software purchases and I didn't examine every statement since it was normally zero. I just let them stack up, so I was negligent in that respect. When I did open one, I discovered a $1300+ balance. Of course I called Citi and opened the rest of the statements. Several months before there had started to be charges, around $30+ or so, all to x-rated sites. He was testing me to see how closely I monitored. When he got comfortable, he actually paid a web-hosting site and opened his own x-rated website - at my expense. When I checked back, the card had only been used once in the previous year. I had bought a new piece of billing software to experiment with from a small software company in New England, New Hampshire, I think. It was business software, nothing to do with sex in any way. I wrote the president of the company, explaining the situation and telling him to expect to hear from investigators from Citibank, which had backed out all the charges and promised an investigation. I never heard back from him. I wonder why... ;)
 
Reactions: Jon

TexasBama

Hall of Fame
Jan 15, 2000
15,639
10,415
287
63
Houston, Texas USA
I work for one of the world's largest cyber security vendors, and we do internal pseudo-phishing all the time using examples we find in the wild. It is funny, though: we are so well protected, because it is literally our business, that every time we do it people get caught falling for the phishing because "they can't believe a phishing attack could get through, so it must not be one...."

you are right some of the stuff out there is insanely creative
What are the chances of there being enough of an electron trail to find these guys? Asking for the brother of a friend who’s a drone pilot.
 
Reactions: Jon and B1GTide

81usaf92

Hall of Fame
Apr 26, 2008
22,642
13,055
187
South Alabama
That guy was BS'ing to sound cool

Most "hacking" is actually phishing the stupid, not pressuring the weak. Sure, some of what he describes happens, but "most"? Not even close.
This is a little off topic, but I was getting ExpressVPN just to watch out-of-region television, and the people who market it online usually pitch it as “makes it hard for hackers to get your valuables”. What exactly does a VPN do? I’m not really up on the ins and outs of computers, and really only understand a VPN as a way to watch out-of-market television. Does it really make it harder to be hacked?