Darkside: Cyberattacks 2.0
May 21, 2021

The media recently reported on the ransomware attack on the IT network of a major United States pipeline. We have almost lost count of the cybersecurity incidents suffered by infrastructure operators. The characteristics of this attack show how this kind of incident is evolving, posing new technical and legal challenges.

According to a recent article published on Forbes.com, one of the attack’s most remarkable aspects is that the hacking groups involved are undetermined. Contrary to standard practice, this ransomware attack was apparently carried out by two groups with clearly distinct roles: one of them could have found weaknesses in the company’s cybersecurity and carried out the attack; and the other could have made available to the attacker any software and services necessary to encrypt the IT network and communicate with the attacked facility.

According to these roles, the hacking group Darkside provided the attacker with (i) the ransomware tools required to block and take control of the affected systems; and (ii) the servers and other tools necessary to communicate remotely with the affected facility and receive the ransom payment. It did so following an approach similar to the Software as a Service (SaaS) model. As a result, cybersecurity specialists have called this approach the Ransomware as a Service (RaaS) model. Obviously, this business model facilitates cyberattacks. In exchange for a share of the ransom payment for lifting the block on the affected systems, the ransomware provider simplifies access to and use of sophisticated and expensive technical tools that would otherwise have been barely available to the attacker.

From a legal standpoint, this distribution of roles has an obvious consequence, i.e., allocating liability in these incidents becomes a lot harder. The group that takes advantage of an entity’s security breach, infiltrating the IT network and blocking the systems (in addition to further action related to the block) should be held primarily liable. However, we should also assess the degree of involvement of the organization providing the attackers with all the necessary tools to carry out the attack, considering that this organization specifically developed technical infrastructure for these illegal actions.

The attack suffered by the US pipeline also showed the importance that hacking groups place on media attention and on cultivating an image of being ruthless in their attacks yet, paradoxically, troubled by injustice.

According to recent news, Darkside has long been trying to project a good image of its organization. To do this, the hacking group has not only advertised several times that it has made donations to charity organizations, but has also publicly stated that it will never allow its technological tools to be used to attack companies that do not make a profit, hospital operators, schools or public authorities.

However, the group uses its different communication channels to disclose confidential (and often highly compromising) information obtained through attacks carried out from its technological platform. These channels thus become a means of publicizing the group’s success, using professional marketing communication techniques.

In conclusion, cyberattackers are becoming increasingly sophisticated. They are consolidating as professional organizations designed to make the struggle against them difficult, not only technically and legally, but also in terms of public image.

Author: Albert Agustinoy