"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2021-05-15T14:00:36Z"
data-video-section="tv"
data-canonical-url="https://www.cnn.com/videos/tv/2021/05/15/should-colonial-pipeline-have-paid-the-hackers.cnn"
data-branding-key=""
data-video-slug="Should Colonial Pipeline have paid the hackers?"
data-first-publish-slug="Should Colonial Pipeline have paid the hackers?"
data-video-tags="counterterrorism,crime, law enforcement and corrections,criminal offenses,digital crime,digital security,international relations and national security,national security,political figures - us,richard clarke,technology,terrorism,terrorism and counter-terrorism,unrest, conflicts and war"
data-details="">
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2021-05-15T14:00:36Z"
data-video-section="tv"
data-canonical-url="https://www.cnn.com/videos/tv/2021/05/15/should-colonial-pipeline-have-paid-the-hackers.cnn"
data-branding-key=""
data-video-slug="Should Colonial Pipeline have paid the hackers?"
data-first-publish-slug="Should Colonial Pipeline have paid the hackers?"
data-video-tags="counterterrorism,crime, law enforcement and corrections,criminal offenses,digital crime,digital security,international relations and national security,national security,political figures - us,richard clarke,technology,terrorism,terrorism and counter-terrorism,unrest, conflicts and war"
data-details="">
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2023-05-30T19:56:54Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2023/05/30/artificial-intelligence-pose-risk-of-extinction-humanity-salin-sot-nc-vpx.cnn"
data-branding-key=""
data-video-slug="DO NOT USE artificial intelligence pose risk of extinction humanity salin sot nc vpx"
data-first-publish-slug="DO NOT USE artificial intelligence pose risk of extinction humanity salin sot nc vpx"
data-video-tags=""
data-details="">
Video Ad Feedback
Experts warn AI could pose 'extinction' risk for humanity
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2023-02-14T10:58:28Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2023/02/14/flirt-artificial-intelligence-ai-dating-apps-hinge-tinder-orig.cnn-business"
data-branding-key="nightcap"
data-video-slug="flirt artificial intelligence ai dating apps hinge tinder orig"
data-first-publish-slug="flirt artificial intelligence ai dating apps hinge tinder orig"
data-video-tags="artificial intelligence,business and industry sectors,business, economy and trade,cnn,companies,computer science and information technology,domestic alerts,domestic-business,domestic-health and science,iab-artificial intelligence,iab-business and finance,iab-computing,iab-industries,iab-software and applications,iab-technology & computing,iab-technology industry,international alerts,international-business,international-health and science,mobile apps,mobile technology,openai,software and applications,technology,warnermedia"
data-details="">
Video Ad Feedback
CNN tried an AI flirt app. It was shockingly pervy
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2023-02-11T02:28:49Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2023/02/11/deepfake-newscast-ai-chinese-messaging-wang-pkg-ac360-vpx.cnn"
data-branding-key=""
data-video-slug="deepfake newscast AI chinese messaging wang pkg ac360 vpx"
data-first-publish-slug="deepfake newscast AI chinese messaging wang pkg ac360 vpx"
data-video-tags=""
data-details="">
Video Ad Feedback
These newscasters you may have seen online are not real people
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2023-01-28T11:20:56Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2023/01/26/nightcap-chatgpt-students-clip-orig-nb.cnn"
data-branding-key="nightcap"
data-video-slug="nightcap chatgpt students clip orig nb"
data-first-publish-slug="nightcap chatgpt students clip orig nb"
data-video-tags="artificial intelligence,business and industry sectors,business, economy and trade,companies,computer science and information technology,domestic alerts,domestic-business,domestic-health and science,education,education systems and institutions,iab-artificial intelligence,iab-business and finance,iab-computing,iab-education,iab-education industry,iab-industries,iab-technology & computing,iab-technology industry,international alerts,international-business,international-health and science,openai,primary and secondary education,teachers and teaching,technology"
data-details="">
Video Ad Feedback
Hear why this teacher says schools should embrace ChatGPT, not ban it
"
data-check-event-based-preview=""
data-is-vertical-video-embed="false"
data-network-id=""
data-publish-date="2023-01-24T14:05:56Z"
data-video-section="business"
data-canonical-url="https://www.cnn.com/videos/business/2023/01/24/what-is-chatgpt-cnntm-pkg-yurkevich-contd-vpx.cnn"
data-branding-key=""
data-video-slug="what is chatgpt cnntm pkg yurkevich contd vpx"
data-first-publish-slug="what is chatgpt cnntm pkg yurkevich contd vpx"
data-video-tags="artificial intelligence,business and industry sectors,business, economy and trade,companies,computer science and information technology,domestic alerts,domestic-business,domestic-health and science,iab-artificial intelligence,iab-business and finance,iab-computing,iab-industries,iab-technology & computing,iab-technology industry,international alerts,international-business,international-health and science,openai,technology"
data-details="">
Video Ad Feedback
He loves artificial intelligence. Hear why he is issuing a warning about ChatGPT
And it could have been worse, said Nick Merrill, a researcher with the Center for Long-Term Cybersecurity at the UC Berkeley School of Information.
“The first thing that comes to my mind is: Thank God this wasn’t water,” Merrill said. “Unfortunately, it doesn’t surprise me that this happened.”
Other aging, critical utilities potentially at risk include electrical systems and nuclear power plants, Merrill said. And it’s not just physical infrastructure: the hack of tools such as point-of-sale software commonly used by small businesses could wreak havoc on the economy.
Experts are hoping the Colonial Pipeline hack — and the real-world impact it had on everyday Americans — will finally be a wake-up call for companies and governments to acknowledge these vulnerabilities and take action to address them. Similar targeted attacks are expected to become more frequent and, potentially, more damaging.
But experts say companies should be doing more to avoid becoming the next target. Around 85% of critical US infrastructure and resources is owned by the private sector, according to the Department of Homeland Security.
Here’s what corporate America needs to know about these kinds of attacks and how to prevent them.
Who was behind the Colonial attack?
For years, it was generally believed that only a state-supported bad actor would be able to hack into and paralyze critical US infrastructure — and that such a thing was unlikely because doing so could be tantamount to declaring war.
But that’s not the case anymore. DarkSide, the criminal gang that the FBI has confirmed was behind the Colonial attack, isn’t believed to be state-backed.
Now, “a private group that was established in 2020 suddenly has the capability to stop the supply of gas,” said Lior Div, CEO of cybersecurity firm Cybereason.
What is DarkSide? Experts believe the criminal group is likely operating from Russia because its online communications are in Russian, and it preys on non-Russian speaking countries. Russian law enforcement typically leaves cybercriminal groups operating within the country alone, if their targets are elsewhere, Div said.
Cybersecurity experts say the group emerged in August 2020.
DarkSide runs what is effectively a “ransomware-as-a-service” business. It develops tools that help other criminal “affiliates” carry out ransomware attacks, wherein an organization’s data is stolen and its computers locked, so victims must pay to regain access to their network and prevent the release of sensitive information. When affiliates carry out an attack, DarkSide gets a cut of the profit. (In the Colonial case, it’s not clear whether the attack was from DarkSide or an affiliate.)
“It sounds a lot like a business, and ultimately, that’s because it is,” said Drew Schmitt, principal threat intelligence analyst at GuidePoint Security. “A lot of these ransomware groups have customer service, they have chat support … all of these different mechanisms that you would see in a normal business.”
After the Colonial shutdown, DarkSide said on its website that it is a “profit motivated” entity and not a political organization. And several experts said they don’t think DarkSide intended to cause such a debacle.
“Their business is to stay quiet and get paid and move onto the next target,” Div said, adding that sometimes hackers often don’t know who they’re attacking until they’re inside a network. “The last thing that they want is to see a briefing of the president of the United States talking about them.”
By Thursday, DarkSide’s website had been shut down, according to Jon DiMaggio, chief security officer at threat intelligence platform Analyst1. US law enforcement may have been involved in removing it, he said, because typically, ransomware groups typically would post a notice to their site and leave some of the stolen data up for a period of time before vanishing, in hopes of extorting victims out of additional money.
When happens when you are hit with ransomware?
Once a company has been hit by ransomware, its first course of action is usually to take much or all of its system offline to isolate the hackers’ access and make sure they can’t move into other parts of the network.
That may be among the reasons why Colonial shut down its pipeline — to disconnect the machines running the fuel line. People briefed on the matter told CNN that the company halted operations because its billing system was also compromised and feared they wouldn’t be able to determine how much to bill customers for fuel they received.
Experts generally encourage ransomware victims not to pay any ransom: “You’re basically funding those (criminal) groups,” Div said.
But a company’s ability to get back online without paying hackers may depend on whether it has protected backups of its data. In some cases, hackers can delete their target’s backups before locking its files, leaving the victim organization with no recourse.
Colonial Pipeline ended up paying DarkSide this week as it tried to get back up and running, sources told CNN. The group demanded nearly $5 million, but the sources did not say how much the company paid.
Similar ransomware incidents could range from anywhere in the hundreds of thousands of dollars to around $10 million, experts said.
What can be done to prevent it?
By now, organizations of all sizes should be using good “cybersecurity hygiene” — for example, requiring regular password changes by its employees and two-factor authentication. But even those best practices may not always be enough to keep a bad actor out of a network.
When it comes to ransomware, the best-case scenario is if organizations can catch hackers while they’re inside the network gathering data but before they’ve fully executed an attack and files are locked. Bad actors typically penetrate a network up to three weeks before a company gets a ransom notice, according to Analyst1’s DiMaggio.
He added that artificial intelligence tools could be helpful to companies in tracking users on the network and identifying suspicious behavior.
That’s how tools like Cybereason work — when the technology identifies a pattern of behavior consistent with a bad actor inside the network, it immediately removes that user’s access.
“Basically what we’re doing is proactive threat hunting,” Div, of Cybereason, said. “(You have to have) the mindset that you’re going to get breached and somebody will try to hit you with ransomware, so it’s helpful to have a research group that’s going after those (bad actors), understanding what they’re doing … and can be a step ahead of them constantly.”
Going forward, the US government could also play a greater role in helping to reduce the threat of ransomware attacks. For example, US officials could use diplomatic channels to encourage Russia and other countries to prosecute cybercriminal gangs, Merrill, of Berkeley, said.
This week, IBM
(IBM)CEO Arvind Krishna suggested that the US government create a “NASA-style program” to facilitate investment and public private partnerships in cybersecurity.
Government could play a larger role in coordinating an overall cybersecurity plan for businesses rather than letting each company go it alone, GuidePoint’s Schmitt said.
“Ultimately, cybersecurity should be addressed as one of the main concerns when we’re talking about critical infrastructure,” he said.
