Stricken US bulk hydrocarbon conveyor Colonial Pipeline advertised for a new cybersecurity manager a month before that ransomware attack forced operators to shut down the pipeline as a pre-emptive safety measure.
The job advert came to light in the wake of the ransomware attack, which shut down one of America's largest pipelines on Friday 7 May.
"Employees find exciting opportunities to grow and develop their careers at a stable company which offers a generous compensation and benefits package that includes annual incentive bonuses, retirement plans, insurance coverage and a host of other features that support a happy, active, productive and rewarding life," says the advertisement.
The advert called for a degree in compsci or infosec, five years of "technical experience" in infosec and/or incident response – and for the successful applicant to have a "strong foundation and in-depth technical knowledge of security engineering, computer and network security, authentication, and security controls."
By Saturday (8 May), the pipeline company had said it was "actively in the process of restoring" operations, only for its website to fall offline at the time of writing.
It seems highly unlikely that the recruitment of a new cybersecurity manager had anything to do with the attack, but the timing is unfortunate. Whoever got the job, assuming it was filled before the attack, is going to have a helluva task on their hands.
The Darkside ransomware gang is said to be responsible for the attack. Infosec firm Secureworks reckons the Russia-based criminals (it has named the group Gold Waterfall) have been operating since August last year as a commission-based affiliate operation, and are an offshoot of the notorious REvil ransomware crew.
"Darkside ransomware appears to be created independently of REvil or GandCrab but shares several architectural similarities that suggest that the Darkside author is familiar with those families," said Secureworks in a research summary.
South Korea, meanwhile, ordered a review of its energy infrastructure's digital security in the wake of the Colonial Pipeline shutdown. A minister said the Asian nation would be checking "whether cybersecurity preparations and countermeasures for our energy-related infrastructure are properly in place." Next to South Korea is North Korea, a well-known hotbed of malicious people who use ransomware to fund their pariah state. ®