Ransomware Struck Another Pipeline Firm -- and 70GB of Data Leaked (wired.com)
When ransomware hackers hit Colonial Pipeline last month and shut off the distribution of gas along much of the East Coast of the United States, the world woke up to the danger of digital disruption of the petrochemical pipeline industry. Now it appears another pipeline-focused business was also hit by a ransomware crew around the same time, but kept its breach quiet -- even as 70 gigabytes of its internal files were stolen and dumped onto the dark web. From a report: A group identifying itself as Xing Team last month posted to its dark web site a collection of files stolen from LineStar Integrity Services, a Houston-based company that sells auditing, compliance, maintenance, and technology services to pipeline customers. The data, first spotted online by the WikiLeaks-style transparency group Distributed Denial of Secrets, or DDoSecrets, includes 73,500 emails, accounting files, contracts, and other business documents, around 19 GB of software code and data, and 10 GB of human resources files that include scans of employee driver's licenses and Social Security cards. And while the breach doesn't appear to have caused any disruption to infrastructure like the Colonial Pipeline incident, security researchers warn the spilled data could provide hackers a roadmap to more pipeline targeting. LineStar did not respond to requests for comment.
Disruption to Infrastructure with Colonial? (Score:5, Interesting)
And while the breach doesn't appear to have caused any disruption to infrastructure like the Colonial Pipeline incident...
Didn't they simply turn off their infrastructure because their front office comps were jacked up and they weren't going to be able to account for things properly? I don't believe Colonial's infrastructure was directly affected by the attack either. I think it was reported that they "feared it would spread", or at least that's what they said about it.
Re: (Score:2, Interesting)
So it was less "OH no hackers turned the gas off" and more "Quick, turn the gas off because we might not be able to charge for it".
Re: (Score:2)
I think that's an accurate summary and not a bad FP, but there is a special word for the crime and I can't remember what it is. Can someone help out? It isn't "extracted" or "extricated", but something longer and quite specific. It's often used when discussing the channels for moving the stolen information. The word that keeps coming to me is "exfoliated", but that's completely different. It's the crime of secretly moving data out of a sealed network to other places...
(Obviously all the warnings I received
Re: Disruption to Infrastructure with Colonial? (Score:2)
Just so. I had to leave at that time, but I had just come back after having dug up the word.
Re: (Score:2)
Yes. In fact, even if you have an airgapped network, it too should be shut down if the main network is breached. You don't want to accidentally infect the criti
Re: (Score:2)
That's why "proper" environments don't let the IT/IS types touch the production control systems. It is not just because those people are incompetent, they are often stupid as well.
Won't someone think of the employees? (Score:3)
...and 10 GB of human resources files that includes scans of employee driver's licenses and Social Security cards.
And worries about.
And while the breach doesn't appear to have caused any disruption to infrastructure like the Colonial Pipeline incident, security researchers warn the spilled data could provide hackers a roadmap to more pipeline targeting.
Re: (Score:2)
"One soldier in the country on a covert mission was executed and three others were abducted for interrogation"
Re: (Score:2)
Those employees are going to have to have new cards and numbers issued.
Fire Sale (Score:2)
For Sale, slightly used technology and compliance company. Only driven to church on Sundays and garaged regularly. Unfortunately the garage burnt down so buyer beware.
For sake! (Score:3)
Re: (Score:2)
They stole contracts and other business information, this wasn't a SCADA level attack and neither was the Colonial Pipeline fiasco either.
Companies are full of dumb people who have too much access. Access needs to be moderated, monitored and explicitly restricted. It also goes without saying that email systems and networks need a bit more intelligence in them to help prevent data from going offshore or to unauthorized locations.
Re: For sake! (Score:2)
This. Minimum access needed for the role, with efficient but secure processes in place where additional access is needed. Also, automated systems that trigger warnings where unusual access occurs.
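The "automated systems that trigger warnings where unusual access occurs" idea from this comment and its parent, worked through as an added example. This is not code from the thread, from LineStar, or from any product; it assumes a constructed file-share audit-log line format (`<timestamp> user=<name> action=<READ|WRITE> path=<share path> bytes=<n>`) and builds a per-user baseline of which top-level shares a user normally reads from and how much they read per day, then flags the two patterns a bulk data theft tends to show: reads from a share the user has never touched, and a daily read volume far above that user's own norm.

```python
"""Flag unusual file-share access against a per-user baseline.

Added example for the thread above, not code from the article or company.
Log format below is an assumption (constructed for this example):
  <ISO timestamp> user=<name> action=<READ|WRITE> path=<share path> bytes=<n>
"""
import re
from collections import defaultdict
from statistics import mean, pstdev

LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ user=(?P<user>\S+) action=(?P<action>\S+) "
    r"path=(?P<path>\S+) bytes=(?P<bytes>\d+)$"
)

# Constructed history: alice works in /engineering, bob works in /hr.
HISTORY_LOG = [
    "2021-05-03T09:12:01Z user=alice action=READ path=/engineering/pipeline-audit.xlsx bytes=40000000",
    "2021-05-03T10:40:33Z user=alice action=READ path=/engineering/specs.pdf bytes=10000000",
    "2021-05-04T09:05:12Z user=alice action=READ path=/engineering/pipeline-audit.xlsx bytes=45000000",
    "2021-05-05T11:22:54Z user=alice action=READ path=/engineering/maintenance.docx bytes=55000000",
    "2021-05-03T08:55:00Z user=bob action=READ path=/hr/onboarding.pdf bytes=20000000",
    "2021-05-04T09:01:10Z user=bob action=READ path=/hr/benefits.xlsx bytes=22000000",
    "2021-05-05T09:03:44Z user=bob action=READ path=/hr/onboarding.pdf bytes=18000000",
]

# Constructed "today": alice's account suddenly pulls 1.2 GB out of /hr.
TODAY_LOG = [
    "2021-05-06T09:10:00Z user=alice action=READ path=/engineering/specs.pdf bytes=10000000",
    "2021-05-06T13:02:17Z user=alice action=READ path=/hr/employee-ids/driver-licenses.zip bytes=900000000",
    "2021-05-06T13:05:40Z user=alice action=READ path=/hr/ssn-scans.zip bytes=300000000",
    "2021-05-06T09:30:00Z user=bob action=READ path=/hr/benefits.xlsx bytes=21000000",
    "2021-05-06T10:00:00Z user=svc_backup action=WRITE path=/backup/nightly.tar bytes=5000000",
]


def parse(line):
    """Return a dict for one audit line, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    rec["share"] = rec["path"].strip("/").split("/")[0]  # top-level share name
    return rec


def build_baseline(history):
    """Per user: the set of shares normally read and mean/stdev of daily bytes read."""
    shares = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))  # user -> day -> bytes read
    for line in history:
        rec = parse(line)
        if rec is None or rec["action"] != "READ":
            continue
        shares[rec["user"]].add(rec["share"])
        daily[rec["user"]][rec["day"]] += rec["bytes"]
    baseline = {}
    for user, user_shares in shares.items():
        totals = list(daily[user].values())
        baseline[user] = {"shares": user_shares, "mean": mean(totals), "stdev": pstdev(totals)}
    return baseline


def find_anomalies(baseline, today, z=3.0):
    """Return (user, reason) alerts for reads outside a user's baseline."""
    alerts = []
    seen_shares = defaultdict(set)
    totals = defaultdict(int)
    for line in today:
        rec = parse(line)
        if rec is None or rec["action"] != "READ":
            continue
        user, share = rec["user"], rec["share"]
        base = baseline.get(user)
        if base is None:
            alerts.append((user, "no baseline for user"))
            continue
        # First touch of a share this user has never read from before.
        if share not in base["shares"] and share not in seen_shares[user]:
            alerts.append((user, f"new share {share}"))
        seen_shares[user].add(share)
        totals[user] += rec["bytes"]
    for user, total in totals.items():
        base = baseline[user]
        # z-score threshold with a floor of double the user's own mean, so a
        # perfectly steady history (stdev 0) does not alert on tiny changes.
        threshold = max(base["mean"] + z * base["stdev"], 2 * base["mean"])
        if total > threshold:
            alerts.append((user, f"volume {total} bytes exceeds baseline threshold {threshold:.0f}"))
    return alerts


def run_example():
    return find_anomalies(build_baseline(HISTORY_LOG), TODAY_LOG)


if __name__ == "__main__":
    for user, reason in run_example():
        print(f"ALERT {user}: {reason}")
```

The baseline here is deliberately per user rather than global: a payroll clerk reading 200 MB from /hr is normal, an engineer doing it is not, which is exactly the distinction "minimum access needed for the role" is meant to enforce up front and this check catches after the fact.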
Re: (Score:2)
You know it’s from management. I want remote access so I don’t have to drive to the office! Make my password easy to remember!
Re: (Score:2)
Here's a security key [techradar.com], have fun.
There are solutions out there... (Score:2)
There are "real" security solutions out there, which are effective... they just need to be more widespread:
For starters, FIDO keys, be it YubiKeys, Google Titan, Thetis, or other offerings. Just the fact that someone has to push the button on the key to get an action to happen will mitigate most remote attacks other than the ones trying to dupe or coerce the user into hitting the button. Alternatively, software solutions like Duo can stop an attack effectively.
For file servers, separating user and admin p
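The "someone has to push the button on the key" property this comment relies on is something the relying party has to check, not assume: the authenticator reports the touch as the User Present (UP) bit in the flags byte of the WebAuthn authenticatorData, and a server that skips that check gets none of the benefit. Below is an added example, not code from the thread or from any FIDO vendor, that parses authenticatorData and applies the relying-party policy checks a login server makes before verifying the signature: the rpIdHash must match this site's RP ID, UP must be set, UV is required only if policy demands it, and the signature counter must increase (a stale counter is the spec's signal that a key may have been cloned). The sample blobs are constructed with a helper; the RP ID `example.com` is an assumption. Signature verification over `authenticatorData || SHA-256(clientDataJSON)` is the remaining step and is not shown.

```python
"""Relying-party checks on a WebAuthn assertion's authenticatorData.

Added example, not code from the thread or from any key vendor.
Layout per the WebAuthn spec: rpIdHash (32 bytes) | flags (1 byte) |
signCount (4 bytes, big-endian) | optional attested data / extensions.
Flag bits: 0x01 UP (user present), 0x04 UV (user verified),
0x40 AT (attested credential data), 0x80 ED (extensions).
Sample blobs below are constructed with make_auth_data(), not captured from a device.
"""
import hashlib
import struct

FLAG_UP = 0x01
FLAG_UV = 0x04
RP_ID = "example.com"  # assumption for the example


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split the fixed 37-byte prefix of authenticatorData into its fields."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData too short")
    rp_id_hash = auth_data[:32]
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    return {
        "rp_id_hash": rp_id_hash,
        "flags": flags,
        "sign_count": sign_count,
        "user_present": bool(flags & FLAG_UP),
        "user_verified": bool(flags & FLAG_UV),
    }


def check_assertion(auth_data: bytes, rp_id: str, stored_sign_count: int, require_uv: bool = False):
    """Policy checks made before signature verification.

    Returns (True, new_counter_to_store) or (False, reason).
    """
    try:
        parsed = parse_authenticator_data(auth_data)
    except ValueError as exc:
        return False, str(exc)
    if parsed["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash does not match this relying party"
    if not parsed["user_present"]:
        return False, "UP flag clear: nobody touched the authenticator"
    if require_uv and not parsed["user_verified"]:
        return False, "UV flag clear: policy requires PIN or biometric"
    # Counter check per the spec: skipped only when both sides report 0
    # (authenticators that do not implement a counter); otherwise it must grow.
    if parsed["sign_count"] != 0 or stored_sign_count != 0:
        if parsed["sign_count"] <= stored_sign_count:
            return False, "signature counter did not increase: possible cloned key"
    return True, parsed["sign_count"]


def make_auth_data(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Build a minimal constructed authenticatorData blob (no attested data or extensions)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


if __name__ == "__main__":
    stored = 41
    samples = {
        "touched, counter advanced": make_auth_data(RP_ID, FLAG_UP | FLAG_UV, 42),
        "no touch (UP clear)": make_auth_data(RP_ID, FLAG_UV, 42),
        "wrong site (phishing RP)": make_auth_data("evil.example", FLAG_UP, 42),
        "replayed counter": make_auth_data(RP_ID, FLAG_UP, 41),
    }
    for label, blob in samples.items():
        print(f"{label}: {check_assertion(blob, RP_ID, stored)}")
```

The rpIdHash check is what defeats the phishing case a UP bit alone cannot: a key touched on a look-alike site signs over that site's RP ID hash, so the assertion fails here even though the user did press the button.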
Microsoft Windows leaks 70GB of Data (Score:2)
Re: (Score:2)
The rest of the world knows of the dangers and for the most part took appropriate mitigations.
The problem with America is that it is full of Americans. Everything they touch falls to shite.
Does this qualify... (Score:2)
Marque and Reprisal! (Score:2)