Identify the risk category for the attack shared. Was this a business, non-business, or financial risk? Given your understanding of the risk elements vulnerabilities, threats & th
Reply to this document.
- Identify the risk category for the attack shared. Was this a business, non-business, or financial risk?
- Given your understanding of the risk elements (vulnerabilities, threats & threat agents, impact, and likelihood of this attack), discuss at least 2 approaches that could be used to mitigate the attack.
- Provide sensitive and insightful feedback, and feel free to encourage further dialogue through open-ended questions.
- Read replies to your post and respond as appropriate.
Synopsis:
In May 2021, the Colonial Pipeline, starting in Texas and ending in New Jersey, was hacked by a malicious group. They gained access to the pipeline's network with an exposed password and account. This led to a large quantity of data being stolen and used to then infect the system with a ransomware attack. I assume that the ransomware attack caused the administrators to lose access and control of the network, which could have caused a litany of problems. They attempted to regain control of the system but were unsuccessful, after which they paid a ransom of $4.4 million in bitcoin. About a month later the Department of Justice was able to recover about $2.3 million of the bitcoin. This attack caused the panic gas buying that was all over the news and showed the crazy and unsafe storage containers, like people filling up grocery bags. The aftermath of this attack was the issuing of an executive order from the Biden Administration for government agencies to start following a stricter set of policies. Most of the executive orders appear to direct agencies in time requirements for reporting and distributing information regarding cybersecurity and events that take place. They also listed direct orders for other agencies to perform certain actions before a deadline to bolster our nation's cyber defense.
Threat Agent:
The attackers were a hacker group known as DarkSide and were based out of Russia. There have been no ties to the Russian government and the Russian government has announced that they were not involved in the attack. This information was obtained since the group needed to identify themselves to receive the ransom and from Russia’s public statement on the event.
Threat:
The threat was theft of data that led to the creation of targeted ransomware to encrypt data within the system.
Vulnerabilities:
The vulnerability was a lack of access controls, specifically tied to the password management since they were able to get access to the system with an exposed password and account through a VPN.
Attack type:
The attack type was Technical and Malware since they installed ransomware on the network and hosts. It may have also included another type of attack since this was a two-step attack and we are not fully aware of how they acquired the password.
Likelihood:
I would rate the likelihood as medium. This is because I would assume that they do have a lot of security measures in place to protect against cyber-attacks, so a high rating would not be justified. I cannot rate it as low, though, because it seems like a simpler attack that they should have been aware of and should already have been implementing controls or policies to protect against.
Impact:
The impact of this must be rated as critical. This is because of the financial impact it had on the pipeline and how this negatively impacted so many people. It is also because if the length of the attack increased then the damage would have as well. The last reason it has garnered this rating is because they are lucky that the attackers only encrypted the data and did not destroy it. They could have also chosen to never unencrypt, and this could have ballooned the damage to financial amounts that we would not be aware of until it was fully fixed.
References
Colonial Pipeline hack explained: Everything you need to know. (n.d.). WhatIs.Com. Retrieved August 16, 2022, from https://www.techtarget.com/whatis/feature/Colonial-Pipeline-hack-explained-Everything-you-need-to-know
CRISC Certified in Risk and Information Systems Control. (n.d.). Retrieved August 16, 2022, from https://learning.oreilly.com/library/view/crisc-certified-in/9780071847148/ch01.html
House, T. W. (2021, May 12). Executive Order on Improving the Nation’s Cybersecurity. The White House. https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/