Colonial attack demonstrates vulnerability of SPoF

The Colonial Pipeline cyber attack highlights the potential cyber risk accumulation around vital infrastructure or technology systems that affect large numbers of connected organisations.

According to analysis from cyber risk analytics firm, CyberCube the attack on the US fuel pipeline demonstrates the vulnerability of single points of failure. In the case of Colonial, the major pipeline is connected to 30 oil refineries and nearly 300 fuel distribution terminals throughout the country. In addition, thousands of gas stations, consumers and hundreds of companies including mass-transit hubs such as airports, rely on Colonial to deliver fuel.

William Altman, cyber security consultant at CyberCube, said: “Colonial is a taste of what is to come. Both criminal ransomware operators and nation-state sponsored threat actors are increasingly turning their attention toward attacking SPoF. By going after SPoF criminal attackers will create maximum leverage to convince their victims to pay a ransom, and nation-state actors will use SPoF as a jump-off point into adjacent systems for conducting espionage and other information operations. While we have yet to see a true accumulation catastrophe event in cybersecurity, the writing is on the wall. Recent attacks on SPoF like SolarWinds, Microsoft Exchange, and Colonial Pipeline indicate clearly the direction the industry is headed.

“It should now be abundantly clear to the insurance industry that cyber attacks with catastrophic scope – and the potential for catastrophic losses – are no longer just science-fiction. In 2021, it will be widely acknowledged that a rigorous and structured approach to cyber risk accumulation management is now a prerequisite and a necessity for all re/insurers.”

Colonial discovered its IT systems had been hacked on 7th May. Prior to that date, CyberCube’s underwriting tool, Account Manager, had already identified and flagged several high-risk signals for the Colonial Pipeline including malware infections and the potential for a remote user to gain access to Colonial’s network through an Open RDP Port, which is one of the most common ransomware attack vectors.

    Share Story:

Recent Stories


Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks.

Manufacturing: An industry at risk amid great technological change
Of the many sectors of business, manufacturing companies are among the most at risk from cyber threats. How has the sector evolved to make it so vulnerable and what does the task of managing cyber exposure in a manufacturing company look like? CIR’s latest podcast with Tokio Marine HCC sought to answer all these questions and more. Published April 2021

Advertisement