What you need to know
- Colonial Pipeline suffered a massive ransomware cyberattack that forced it to halt business.
- The attack resulted in oil prices skyrocketing as a result of paused pipeline operations.
- Microsoft Exchange seems to be linked to the root of the cyberattack.
Update May 13, 2021 at 9:15 a.m. ET: Microsoft has provided the following statement: "We have not seen any evidence to support the speculation that this ransomware attack is related to Exchange vulnerabilities. Such a tactic is not consistent with the known behaviors of these attackers."
After months of Microsoft Exchange drama thanks to the Microsoft Exchange Server hacks at the hands of multiple groups, including state-sponsored Chinese hacker group Hafnium, it seems the MS product is back at the center of controversy. This time, it's being linked to the Colonial Pipeline ransomware attacks and subsequent halting of Eastern U.S. oil supplies.
As spotted by The New York Times' cybersecurity reporter Nicole Perlroth, a forensic finding made during an evaluation of Colonial Pipeline noted numerous blind spots that could have led to the security breach, with the "most likely culprit" being vulnerable Microsoft Exchange services.
Interesting forensic finding on Colonial Pipeline: They were STILL using a vulnerable version of Microsoft Exchange (the same systems exploited by Chinese hackers that was revealed in March), among other notable lapses. Per Coalition. pic.twitter.com/TvsEN8S3EwInteresting forensic finding on Colonial Pipeline: They were STILL using a vulnerable version of Microsoft Exchange (the same systems exploited by Chinese hackers that was revealed in March), among other notable lapses. Per Coalition. pic.twitter.com/TvsEN8S3Ew— Nicole Perlr🌻th (@nicoleperlroth) May 11, 2021May 11, 2021
That is to say: It's not guaranteed that Microsoft Exchange issues are to blame for Colonial Pipeline's current problems. Rather, an overall lack of technological sophistication is the root cause of the pipeline operator's issues. Exchange may have played a role, though, if its vulnerabilities were indeed what left Colonial Pipeline open for ransomware attacks.
There are many takeaways from the news, with one being that no major organization should rely on outdated versions of products that were compromised and used in massive government-shaking hacks. What happens from here is anyone's guess, but it stands to reason that every sort of organization and company, be it pipeline operators or otherwise, is going to be reassessing cybersecurity measures to avoid becoming the next national center of attention.
