The national average for gas prices in the US has just hit a record — topping $3 per gallon as of mid-day Wednesday, a level not seen since the fall of 2014.
This comes as fuel shortages around the country are starting to worsen, as drivers race to fill up their tanks whether they need to or not following the ransomware attack on the Colonial Pipeline over the weekend. As part of the attack, the Russian ransomware gang DarkSide stole about 100GB worth of data from the network of this major US fuel pipeline, then locked the network — which led Colonial Pipeline to also take its operational network offline, even though it was only the IT network that was reportedly hit by the ransomware attack. Taking the pipeline offline was a big deal, because Colonial’s network encompasses some 5,550 miles of pipeline and carries 45% of the fuel consumed by the US East Coast. All of which is to say, this ransomware attack was pretty devastating, so much so that not only has the DarkSide gang of Russian hackers sort of apologized for it, but Colonial Pipeline is also trying to recruit a new cybersecurity manager, to prevent situations exactly like this one.
That’s according to a job posting for the role, which seems to have been posted originally in the weeks leading up to the attack, but which looks to have been re-posted, as that job link includes Tuesday’s date. As for what the new employee will be responsible for, the chosen cybersecurity manager will be asked to develop and maintain “an incident response plan and processes to address potential threats.”
The job application continues: “As the Manager, Cyber Security, you are accountable for managing a team of cyber security certified subject matter experts and specialists including but not limited to network security engineers, SCADA & field controls network engineers and a cyber security architect. As the Manager, you will lead the development of the enterprise strategy for cybersecurity; will oversee the development of standards and processes for cyber security; lead the recovery from security incidents; and guide forensics of incidents. You are someone who has an understanding of emerging security threats in order to design security policies and procedures to mitigate threats where possible.”
Meanwhile, we’re continuing to learn intriguing new details about the gang of Russian hackers behind this incident, such as the fact DarkSide operates like a quasi-normal business, believe it or not. Danny Jenkins, CEO of ThreatLocker, told the IT and business security news site ThreatPost that DarkSide has “employees, costs, profits, and customer support.” And the hackers themselves seem to be kind of like us:
According to a fascinating deep dive on DarkSide published by the cybersecurity company FireEye, “The number of publicly named victims on the Darkside blog has increased overall since August 2020, with the exception of a significant dip in the number of victims named during January 2021. It is plausible that the decline in January was due to threat actors using DarkSide taking a break during the holiday season.”
Of course, it might also have helped this whole situation if US regulators weren’t seemingly asleep at the wheel. New reporting from Bloomberg, for example, reveals that the US Transportation Security Administration’s Pipeline Security Branch — which protects the nation’s pipelines — hasn’t mandated any cybersecurity requirements since the entity was created after the 9/11 attacks.