The Colonial Pipeline incident is considered one of the most dangerous cyberattacks against critical infrastructure in American history. It is also a catalogue of everything not to do in computer security, such as running outdated software without patching it, or paying the extortionists.
Colonial Pipeline operates the largest pipeline network in the United States, supplying almost half of the liquid fuels consumed on the East Coast. Its shutdown after the ransomware attack (the first network-wide shutdown in the company’s 57-year history) affected 18 states and caused supply shortages, panic buying, price rises and movement in crude futures. Such was its severity that the President of the United States signed an executive order designed to strengthen America’s cybersecurity defenses.
Colonial Pipeline: just one password
As in most cyberattacks, we do not know the whole story. Affected companies tend to tiptoe around the details, partly for security reasons but also to limit the reputational damage these incidents cause. The culprits are of course the cybercriminals, but responsibility also extends to companies that have clearly not invested enough in protecting their assets. In some cases the ease with which security was breached is incredible, and Colonial Pipeline falls into that category.
The ransomware attack was the result of a single compromised password, according to one of the security consultants who responded to the incident.
Hackers gained access to Colonial Pipeline Co.’s servers on April 29 through a virtual private network account that allowed employees to access the network remotely, said Charles Carmakal, senior vice president of the cybersecurity firm Mandiant (a FireEye subsidiary), in an interview.
The account was no longer in use at the time of the attack, but it could still be used to reach the Colonial network. The password for that account was later found inside a batch of leaked passwords on the dark web. It is common for data stolen in a major breach to end up being leaked or sold on dark web sites.
According to the investigator, a Colonial employee had used the same password for the corporate VPN as for some other service. You already know what reusing one password across several services leads to: once one service is breached, the account is compromised on every other service where that password was used.
Worse still, the VPN service was not using multi-factor authentication, a basic control that today should be considered mandatory. Its absence allowed the attackers to get into the Colonial network with nothing more than a compromised username and password.
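The three weaknesses described above (a dormant VPN account, a password that had already appeared in a leak, and no MFA) are all things a defender can check for before an attacker does. The following is an added example written for this article, not code from Colonial Pipeline, Mandiant or the original author. It screens a password against a breach corpus using the k-anonymity range-query pattern popularised by breach-checking services (only the first five hex characters of the SHA-1 leave the client) and then audits a list of VPN accounts for dormancy and missing MFA. The breach corpus, the account records and the 90-day dormancy threshold are all constructed assumptions for the demo.

```python
import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Dict, List

# Constructed breach corpus for the demo: SHA-1 digests of a handful of
# passwords assumed to have appeared in a leaked batch. Not real breach data.
LEAKED_PASSWORDS = ["Spring2021!", "password1", "Welcome123", "letmein"]
LEAKED_SHA1 = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
               for p in LEAKED_PASSWORDS}


def range_query(prefix5: str) -> List[str]:
    """Simulate a k-anonymity 'range' lookup against the breach corpus.

    The client sends only the first 5 hex chars of the SHA-1 and receives
    every 35-char suffix that shares that prefix. The full hash, and the
    password, never leave the client. In the demo the corpus is local.
    """
    return sorted(h[5:] for h in LEAKED_SHA1 if h.startswith(prefix5))


def password_is_leaked(password: str) -> bool:
    """Return True if the password's SHA-1 appears in the breach corpus.

    Run this when a password is set or rotated, the only moment the
    plaintext is legitimately available to the identity system.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    return suffix in range_query(prefix)


@dataclass
class VpnAccount:
    username: str
    password: str          # plaintext only because these are constructed demo records
    last_login: date
    mfa_enabled: bool


def audit_vpn_accounts(accounts: List[VpnAccount], today: date,
                       dormant_days: int = 90) -> Dict[str, List[str]]:
    """Flag each account with the weaknesses the article describes.

    'dormant'         - not used within dormant_days (candidate for disabling)
    'no_mfa'          - a leaked password alone is enough to log in
    'leaked_password' - the password is present in the breach corpus
    """
    findings: Dict[str, List[str]] = {}
    for acct in accounts:
        issues = []
        if (today - acct.last_login).days > dormant_days:
            issues.append("dormant")
        if not acct.mfa_enabled:
            issues.append("no_mfa")
        if password_is_leaked(acct.password):
            issues.append("leaked_password")
        findings[acct.username] = issues
    return findings


# Constructed sample accounts; the date of the intrusion (April 29) is used as
# 'today' so the dormant account is the one not used since mid-January.
SAMPLE_ACCOUNTS = [
    VpnAccount("jdoe", "Spring2021!", date(2021, 1, 15), mfa_enabled=False),
    VpnAccount("asmith", "cT9#vqLm2!pRz8wX", date(2021, 4, 28), mfa_enabled=True),
]

if __name__ == "__main__":
    for user, issues in audit_vpn_accounts(SAMPLE_ACCOUNTS, date(2021, 4, 29)).items():
        print(f"{user}: {', '.join(issues) if issues else 'ok'}")
```

An account that comes back with all three flags is exactly the profile described in this case: nobody is using it, a single factor protects it, and that factor is already public. The fix order follows from the output: disable or delete dormant accounts, enforce MFA on the VPN for everyone who remains, and reject passwords that fail the breach check at set time.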
Too many security failures. Colonial made it very easy for the criminals, and it is incredible that this happened at a company that provides a critical service to infrastructure vital to the operation of a country. And it paid the extortionists $4.4 million, a decision that only feeds the monster. We will have plenty more ransomware stories to tell.