What to know about DarkSide, the hacking group responsible for Colonial Pipeline cyberattack in USA

DarkSide was singled out by the FBI on Monday as being responsible for the cyberattack on the Colonial Pipeline that shut down a major oil network over the weekend.

Here is what we know about the hacking group:


What is DarkSide?

DarkSide is a group of organized hackers selling ransomware hacking tools to other criminals to carry out attacks, according to Boston-based cybersecurity technology company Cybereason. The ransomware was first detected in August of 2020.

The geographical origin of the hacking group has not been confirmed, though Cybereason noted it does not target entities based in former Soviet countries. In a statement posted to the dark web that appears to address the Colonial cyberattack, DarkSide denied being connected to a foreign government, according to the Wall Street Journal.

On Monday, President Joe Biden said "so far" there has been no evidence of involvement by Russian intelligence in the cyberattack but suggested the country "might have some responsibility" to deal with ransomware attacks, noting "there is evidence the actor's ransomware is in Russia."

Cybereason chief security officer Sam Curry told the Washington Examiner there is a "system of Russian-aligned languages" such as "Russian, Georgian, Turkmen, and Azerbaijani" that DarkSide hackers appear to avoid.

DarkSide has an "ethos" to appear ethical in its illicit practices, telling its customers who and what targets are acceptable to attack, Curry said.

The hacking group tells customers using its malware to avoid targeting organizations including hospitals, hospices, schools, universities, nonprofit organizations, and government agencies. Prime targets for the hackers include for-profit companies in English-speaking countries, Cybereason said in a blog post published on Monday.

"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives," DarkSide said, according to a statement obtained by Cybereason from the hacking group.

The hacking group also claims it has donated a portion of the stolen proceeds to charities, though Curry said "those charities are not accepting it, they can't take things like that."

"It's like Robin Hood stole 100 pounds of gold and gave what, a shilling to a kid somewhere and that kid couldn't take it," Curry added.

What is DarkSide seeking?

The intruders took nearly 100 gigabytes of data out of Colonial's network, based in Alpharetta, Georgia, in just two hours, according to two people involved in Colonial Pipeline's investigation, Bloomberg reported Saturday.

Cybereason said the hacking group exercises a technique called "double extortion" in its cyberattacks, meaning it not only encrypts the victim's data but also steals that data and threatens to make the information public on a website called "DarkSide Leaks" if a ransom is not paid.

"This means the target is still faced with the prospect of having to pay the ransom regardless of whether or not they employed data backups as a precautionary measure," Cybereason posted in a statement.

Typical ransom demands range from $200,000 to $2 million, according to Cybereason. The cybersecurity firm said hackers learn the size and scope of the companies they target in order to find out who the central decision makers are within a firm.

Curry said the biggest takeaway from the attack is that hackers are exercising an illicit "business model," adding that the practice poses a "real risk to critical infrastructure."

What does DarkSide do?

Cybereason said the hackers used a new version of the group's malware called DarkSide 2.0, adding that, "So far DarkSide tried breaching 10 of our customers but we stopped it. Eight were in US and two in Europe."

Peter Philip, a Texas-based information technology expert who has over 20 years of experience leading organizations in technology solutions, said the "double attack" is a common practice among hacking groups.

"They're building hacking toolkits that then they're distributing and people can hobble these together to do concerted organized attacks against particular organizations or infrastructure and this is what we saw here," Philip told the Washington Examiner.

Curry said two possible ways hackers enter a secured network are phishing or exploiting an existing vulnerability in the network.

Ongoing investigations will likely reveal the root cause of the breach at a later date. "We continue to work with the company and our government partners on the investigation," the FBI said on Monday.

Cybereason said DarkSide has a reputation for being "organized" and "professional," offering a help desk and a phone number for data breach victims.

What does the cyberattack mean for national security?

The hack is likely "the most significant, successful attack on energy infrastructure we know of in the United States," energy analyst Amy Myers Jaffe told Politico.

Philip agreed with Jaffe's assessment, saying the cyberattack was significant in part because "This was done remotely by an organization not even based in the United States."

Colonial is the largest refined fuel pipeline network in the United States and transports more than 100 million gallons per day, providing around 45% of fuel utilized along the East Coast. Operations at the refinery have been suspended since Friday, though the firm has said it plans to resume operations sometime this week.

Curry said the source country for the recent Colonial attack is hard to pinpoint because hackers can use "false flag operations that can pose as someone else."

About Binnabook

Binnabook Magazine believes in free speech and social journalism, with newsgathering and verification of data.
