Pipeline attack will be 'turning point' for countries including NZ, expert believes

Tuesday, 11 May 2021

A cyber-attack on a major United States fuel pipeline is likely to prove a turning point that results in countries including New Zealand taking tougher action against ransomware, a security expert believes.

The Colonial Pipeline company was still battling on Tuesday to re-open a pipeline that distributes 380 million litres of fuel each day from Texas to large areas of the southern and eastern US following an attack last week by a Russian ransomware gang.

The attack has raised fears of fuel shortages and resulted in higher fuel prices in the US.

US President Joe Biden said during a White House briefing there was no evidence the Russian government was involved but he would be taking up the incident with Russian President Vladimir Putin.

* FBI warns US hospitals of 'imminent cybercrime threat' amid ransomware attacks

Colonial Pipeline supplies fuel to a huge swathe of the US.

* Growing concerns over ransomware payments puts NZ cyber insurers on the spot

Brett Callow, a threat analyst with Nelson-based cyber-security company Emsisoft, said there would be implications for New Zealand.

He has advocated for new laws making it illegal for businesses to pay or facilitate the payment of ransomware demands, saying the only way to stop ransomware attacks was to make them unprofitable.

“I absolutely think this incident will represent a turning point,” Callow said.

“Governments' response to the worsening ransomware problem has really been underwhelming, but I think it’s clear that needs to change

The attack on Colonial Pipeline’s infrastructure has pushed up the price of petrol in the US.

“Countries can’t have their critical infrastructure, governments, healthcare systems and financial institutions shutdown by cybercriminals – there has to be a point at which governments decide to take decisive action, and I suspect this will be it.”

A study Callow undertook last month that was highlighted by the BBC estimated ransomware was costing between US$42 billion (NZ$58b) and US$170b globally.

The US Treasury had begun taking steps to discourage businesses from making or facilitating ransomware payments before the pipeline attack.

It issued a warning in October that cyber insurers and other businesses risked violating its regulations if they helped pay off attackers.

It said they could face sanctions if they facilitated payments, even unknowingly, to some cybercrime groups including the Lazarus Group, which it said was sponsored by North Korea, and Russian gang Evil Corp.

Although the sanction threat applies mainly to US organisations, any US citizens overseas and non-US organisations that facilitated the banned transactions for Americans appear to be within its ambit.

NZI, a division of insurer IAG, is one of a few New Zealand insurers that currently offers to cover the payment of ransoms as part of its cyber insurance policies.

IAG spokeswoman Cara Mygind said the policy would only pay out on a ransom payment claim if a claimant was told do so by police to assist with investigations.

Last month a “Ransomware Task Force” backed by Microsoft, Amazon, the US FBI and the Britain's National Crime Agency released a report that could also tighten the screw.

The taskforce did not go as far as calling for an outright ban on ransomware payments but recommended that organisations should be required to disclose any such payments they had made.

Its report also recommended crypto-currency exchanges should be more heavily regulated and required to comply with anti-money laundering rules.

Biden appeared to indicate more action might be in the wings following the Colonial Pipeline attack.

He said during his White Housing briefing transnational criminals often used global money-laundering networks to carry out attacks and his administration would be perusing “a global effort” to address that.