Homeland Security News

A collection of open-source homeland security and terrorism news from around the world.
Keyword: cyber threats

The head of Colonial Pipeline told U.S. senators on Tuesday that hackers who launched last month’s cyber attack against the company and disrupted fuel supplies to the U.S. Southeast were able to get into the system by stealing a single password.

Colonial Pipeline Chief Executive Joseph Blount told a U.S. Senate committee that the attack occurred using a legacy Virtual Private Network (VPN) system that did not have multifactor authentication in place. That means it could be accessed through a password without a second step such as a text message, a common security safeguard in more recent software.

"In the case of this particular legacy VPN, it only had single-factor authentication," Blount said. "It was a complicated password, I want to be clear on that. It was not a Colonial123-type password."

Read more: Reuters

The federal government has recovered millions of dollars in cryptocurrency paid in ransom to cybercriminals whose attack prompted the shutdown of the country's largest fuel pipeline and gas shortages across the southeastern U.S. last month, the Department of Justice announced Monday.

On May 8, Colonial Pipeline paid a ransom worth roughly $4.3 million in bitcoin to the Russia-based hacking group known as DarkSide, which had used malicious software to hold the company hostage. Colonial Pipeline CEO Joseph Blount told The Wall Street Journal that the company paid the pricey ransom because the company feared a prolonged shutdown and did not know how long it would take to restore operations.

The ransom allowed Colonial to restore fuel transport through its pipeline, which stretches from Texas to the Northeast and delivers 45% of all fuel consumed on the East Coast.

Read more: CBS News

The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters.

Internal guidance sent on Thursday to U.S. attorney's offices across the country said information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington.

"It's a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain," said John Carlin, principal associate deputy attorney general at the Justice Department.

Read more: Reuters

A group of hackers suspected to have links to the Chinese government breached computer systems belonging to New York's Metropolitan Transit Authority (MTA) in April, according to the New York Times.

Transit officials told The Times that the breach did little damage and hackers did not gain access to train controls.

A forensic analysis of the attack further found that hackers did not access or compromise customers' personal data or put riders in danger, The Times reported. The hack was reported to law enforcement and other state agencies but was not announced to the public.

"The M.T.A.'s existing multilayered security systems worked as designed, preventing spread of the attack," Rafail Portnoy, the MTA's chief technology officer, told The Times. "We continue to strengthen these comprehensive systems and remain vigilant as cyberattacks are a growing global threat."

Read more: Business Insider

Brazil’s JBS SA (JBSS3.SA) told the U.S. government that a ransomware attack on the company that disrupted meat production in North America and Australia originated from a criminal organization likely based in Russia, the White House said on Tuesday.

JBS, the world's largest meatpacker, said on Tuesday night it had made "significant progress in resolving the cyberattack." The "vast majority" of the company's beef, pork, poultry and prepared foods plants will be operational on Wednesday, according to a statement, easing concerns over rising food prices.

The cyberattack followed one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the United States, which crippled fuel delivery for several days in the U.S. Southeast.

Read more: Reuters