Tech

How Was Colonial Pipeline Hacked/Breached? Because of One Single Employee’s Compromised Password

That’s all it takes, and usually what it comes down to.

Passwords.

As the founding contemporary lyrical wordsmith members of Wu-Tang would say, “Protect ya neck!” Because without it, you’ll lose your head. Same with passwords!

Protect ya passwords!!!

All a malicious actor would need is a password to an account, and just like that (*finger snap!*), you’ve invited them in, like welcoming Count Dracula through your front door for Sunday dinner.

Did someone say, “PASSWORD?!”

So, Colonial, right…here’s the latest.

After an analysis of the cyberattack on Colonial Pipeline, investigators suspect that hackers obtained the password from the dark web (think of it as a marketplace for illicit activity), where such info is available for the right price. The password was discovered among a batch of passwords leaked to the dark web. This info usually comes from previous, unrelated hacks; bad guys post it on the dark web for other bad guys to use. (Another reason to frequently change passwords and manage them with a secure system.)

The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack.

Hackers gained entry into the networks of Colonial Pipeline Co. on April 29 through a virtual private network account, which allowed employees to remotely access the company’s computer network, said Charles Carmakal, senior vice president at cybersecurity firm Mandiant, part of FireEye Inc., in an interview. The account was no longer in use at the time of the attack but could still be used to access Colonial’s network, he said.

via Bloomberg

But, to add insult to injury, the account wasn’t secured with MFA or 2FA (multi-factor or two-factor authentication), a secondary sign-in step that further verifies a user’s identity.

Cybersecurity firm Mandiant, the forensic division of FireEye, found that MFA wasn’t in use on the account.

The VPN account, which has since been deactivated, didn’t use multifactor authentication, a basic cybersecurity tool, allowing the hackers to breach Colonial’s network using just a compromised username and password. It’s not known how the hackers obtained the correct username or if they were able to determine it on their own.

via Bloomberg
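The two Bloomberg excerpts describe three separate failures stacked on one account: it was dormant but still enabled, it had no MFA, and its password already sat in a leaked credential dump. As an added illustration (not code from the original post, Bloomberg, Mandiant or Colonial), the Python below audits a constructed user export for the first two conditions and checks a candidate password against a constructed breach corpus using a k-anonymity style range query, where only the first five hex characters of the password’s SHA-1 ever leave the client (the same model used by breached-password lookup services, implemented here entirely offline). All account names, dates and leaked passwords are made up for the example.

```python
"""Account-hygiene audit: dormant-but-enabled accounts, accounts without MFA,
and a k-anonymity style check of a password against a leaked-password corpus.

Every account, date and "leaked" password in this file is constructed for
illustration; none of it comes from Colonial Pipeline or the investigation.
"""
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Set


@dataclass
class Account:
    username: str
    enabled: bool
    mfa_enabled: bool
    last_login: Optional[date]  # None means the account has never logged in


# Constructed sample of a VPN / identity-provider user export (hypothetical names).
TODAY = date(2021, 4, 29)
ACCOUNTS = [
    Account("alice", enabled=True, mfa_enabled=True, last_login=TODAY - timedelta(days=2)),
    Account("bob", enabled=True, mfa_enabled=False, last_login=TODAY - timedelta(days=5)),
    Account("contractor_old", enabled=True, mfa_enabled=False, last_login=TODAY - timedelta(days=200)),
    Account("svc_never_used", enabled=True, mfa_enabled=False, last_login=None),
    Account("carol_disabled", enabled=False, mfa_enabled=False, last_login=TODAY - timedelta(days=400)),
]


def dormant_accounts(accounts: List[Account], today: date = TODAY, max_idle_days: int = 90) -> List[str]:
    """Enabled accounts nobody has used within max_idle_days (or ever).
    These are the ones that should have been deactivated, not left open."""
    out = []
    for a in accounts:
        if not a.enabled:
            continue
        if a.last_login is None or (today - a.last_login).days > max_idle_days:
            out.append(a.username)
    return out


def accounts_without_mfa(accounts: List[Account]) -> List[str]:
    """Enabled accounts that can be reached with only a username and password."""
    return [a.username for a in accounts if a.enabled and not a.mfa_enabled]


def high_risk_accounts(accounts: List[Account]) -> List[str]:
    """Dormant AND no MFA: the combination that lets a leaked password walk in unnoticed."""
    no_mfa = set(accounts_without_mfa(accounts))
    return [u for u in dormant_accounts(accounts) if u in no_mfa]


# ---- leaked-password check, k-anonymity style (offline, constructed corpus) ----

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed "breach corpus": digests of a few made-up leaked passwords.
LEAKED_PASSWORDS = ["Spring2020!", "Password1", "letmein", "Welcome1"]
BREACH_CORPUS: Set[str] = {sha1_hex(p) for p in LEAKED_PASSWORDS}


def range_suffixes(prefix: str) -> Set[str]:
    """Server side of the range query: given the first 5 hex chars of a SHA-1,
    return the suffixes of every corpus hash sharing that prefix. The server
    never sees the full hash, let alone the password."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return {h[5:] for h in BREACH_CORPUS if h.startswith(prefix)}


def password_is_leaked(password: str) -> bool:
    """Client side: hash locally, send only the prefix, match the suffix locally."""
    digest = sha1_hex(password)
    return digest[5:] in range_suffixes(digest[:5])


if __name__ == "__main__":
    print("dormant (still enabled):", dormant_accounts(ACCOUNTS))
    print("no MFA:", accounts_without_mfa(ACCOUNTS))
    print("dormant + no MFA:", high_risk_accounts(ACCOUNTS))
    for candidate in ["Spring2020!", "correct horse battery staple 2021"]:
        print(f"{candidate!r} leaked? {password_is_leaked(candidate)}")
```

The dormancy and MFA checks run over whatever export your VPN or identity provider gives you; the password check belongs at password-set time, since an organisation should never hold its users’ plaintext passwords to audit after the fact.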

While many in the cybersecurity industry are no doubt doing a HARD face-palm at such a basic mistake, it’s also very important to HIGHLIGHT THIS TO EVERYONE IN ORDER TO RAISE AWARENESS OF THE BASIC SECURITY MEASURES THAT ALL INDIVIDUALS SHOULD KNOW AND ACTIVELY USE to help prevent breaches. Will that prevent every breach??? No. Will it help put a dent in the incredibly lucrative and rapidly growing wave of ransomware attacks? Yes, and at this point the situation is critical. Unfortunately, it may take still more hostile, ramped-up attacks before everyone, as a whole, takes responsibility for their own and thus each other’s cybersecurity.