CISA, FBI release indicators of compromise for Colonial Pipeline attack

By Dylan Bushell-Embling
Friday, 21 May, 2021

CISA, FBI release indicators of compromise for Colonial Pipeline attack

The US Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Response Team (CERT) has released the indicators of compromise for the ransomware attack that impacted Colonial Pipeline Company earlier this month.

Malicious cyber actors are using the DarkSide ransomware to target the critical infrastructure provider’s IT network.

CISA and the Federal Bureau of Investigation (FBI) have released a list of the applications leveraged during the course of the compromise.

According to the agencies, DarkSide threat actors primarily use the Onion Router for command and control, and have also been observed using Cobalt Strike for the same purpose.

These threat actors have previously been observed gaining initial access through phishing and exploiting remotely accessible accounts and systems and Virtual Desktop Infrastructure (VDI), and using Remote Desktop Protocol to maintain persistence.

After gaining access, DarkSide actors deploy DarkSide ransomware to encrypt and steal sensitive data, and then threaten to publicly release the data if the ransom is not paid.

CISA and FBI have recommended that critical infrastructure owners and operators apply threat mitigation strategies including requiring multi-factor authentication, implementing strong spam filters, and filter network traffic to and from known malicious IP addresses.

Other mitigation strategies include limiting remote desktop protocol and other methods of access to resources over networks, disabling Office macros, and deploying signatures to detect and potentially block inbound connection from Cobalt Strike servers.

The agencies said they do not encourage paying a ransom to criminal actors, as it may embolden adversaries to target more organisations, and there is no guarantee that a victim’s files will be recovered.

Image: Colonial Pipeline Company

Originally published here.

Related News

Lack of leadership buy-in biggest obstacle to digital trust: report

A new report from ISACA says that many organisations say that in five years digital trust will be...

Lack of customer confidence affecting security strategies: report

A survey from LogRhythm finds three-quarters of ANZ companies changed their security strategy...

IMT sector was Australia's most targeted in 2023: report

The information, media and technology sector has been the Australian industry most targeted...

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd