Augur Predicts Infrastructure Used in Colonial Pipeline Ransomware Attack
The Colonial Pipeline ransomware hack made the headlines as the first hack to shut down critical economic infrastructure in the US. On May 7, Colonial shut down its petroleum pipeline, which supplies 45% of the gasoline used on the East Coast of the US. To be clear, the attack, which has been attributed to the DarkSide ransomware group, didn’t cripple the pipeline. Instead, it shut down the delivery system, which forced Colonial to pause pipeline operations. In the end, Colonial had to pay a $4.4 million ransom to get back up and running. Even a week after the attack, 70% of gas stations in North Carolina and 50% in Virginia, Georgia, and South Carolina were still dry.
SecLytics’ Augur Predictive Detection and Response platform detected important attack infrastructure elements more than 360 days before the hack was first reported. Augur users got advance warning. Those using Augur’s enforcement integrations were also protected by automated blocking of the identified IP ranges.
What we knew and when
Our classifiers picked up clear signals months ahead of the hack. Our scoring models indicated a high level of certainty that the identified IP ranges could be used by cybercriminal groups. So Augur issued an alert to recommend blocking the IP range and added the IPs to the blocklists used by our endpoint automations.
Reactive threat intelligence solutions only protect against documented threats. Augur’s predictive intelligence looks beyond current threats and leverages machine learning and artificial intelligence to model threat actor behavior, identifying the build-up of attack infrastructure an average of 51 days before an attack launches, with a false positive rate of less than 0.01%.
Prove It To Me
We get it. These predictions are startling, and you want to know if they are legit. If you’re interested in seeing how Augur works and how Augur’s predictive intelligence can improve your zero-day protection and overall security posture, email us at firstname.lastname@example.org.