On Saturday, May 8, 2021, news broke of the shutdown of the main fuel supply line to the U.S. East Coast due to a cyberattack. This is just another in the growing number of ransomware incidents to hit U.S. government and commercial organizations.
Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.
As a leading cyber and information security company for government and commercial entities, Assured Information Security (AIS) understands just how important it is for the computer systems and networks supporting critical infrastructure, such as a fuel distribution pipeline, to be evaluated on a regular basis for secure design and implementation.
“Cyberattacks against critical infrastructure have grown significantly in the past years and the numbers are likely to continue to rise as more systems are automated and connected to networks,” said Eric Thayer, Principal Engineer for Systems Analysis and Exploitation at AIS. “At AIS we regularly analyze the security of complex systems, such as those that may have been supporting the pipeline. We have a team that specializes in identifying weaknesses and hardening safety critical systems.”
According to the Washington Post, in recent years, ransomware attacks have affected everyone from banks and hospitals to universities and municipalities — almost 2,400 organizations in the U.S. were victimized last year alone. Attackers are increasingly targeting industrial sectors because these firms are more willing to pay up to regain control of their systems, experts say.
“Cyber threats are constantly evolving, and it is important for companies to understand the impact of vulnerabilities before they are discovered and to be prepared with plans in place to mitigate potential threats,” said Thayer. “End to end vulnerability assessments and secure product consulting are services we often encourage our customers to consider. These services help to proactively identify weaknesses before they are exploited and we can build systems securely from the ground up, minimizing potential threats.”