In early May, Colonial Pipeline halted operations after a ransomware attack. Within a few weeks, a cybersecurity executive order was in place, the ransom had been paid, and the FBI had even managed to recover most of it.
Now that the attack vector has been exposed, the details show that ransomware is not the only problem companies should worry about; passwords are too.
The attack, carried out by the cybercriminal group DarkSide, forced Colonial Pipeline to suspend all operations on May 7, 2021.
The gang demanded a ransom in exchange for decrypting company data. Colonial immediately notified the FBI and paid a ransom of $4.4 million; the FBI later revealed that most of the money had been recovered.
Colonial CEO Joseph Blount then testified before the U.S. Senate Committee on Homeland Security and Governmental Affairs that, disappointingly, the attack occurred because a password had been leaked.
The DarkSide gang obtained the password for a VPN account that was no longer in use but was still active. Because the account relied on single-factor authentication, the attackers were able to access Colonial's IT network and, from there, its sensitive data.
The incident highlighted several mistakes that companies must avoid if they are not to become victims of similar attacks. One is the lack of multi-factor or two-factor authentication.
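The two weaknesses just described, an account that is dormant but still enabled and an account with no second factor, are both things a defender can find in an account export before an attacker does. The following is an added example, not code from the original article or from Colonial Pipeline: a small audit that parses a constructed CSV export (the column names `username`, `enabled`, `mfa_enrolled`, `last_login` and the `never` marker are assumptions, not any real product's schema) and flags enabled accounts that have not logged in for a configurable number of days or that have no MFA enrolled.

```python
"""Audit an account export for dormant-but-enabled accounts and accounts lacking MFA.

Added example; the export format and every record in SAMPLE_EXPORT are constructed
for illustration and do not describe any real system.
"""
import csv
import io
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed sample export (hypothetical CSV layout). "never" marks an account
# that has existed but has no recorded login at all.
SAMPLE_EXPORT = """username,enabled,mfa_enrolled,last_login
alice,true,true,2021-06-01T08:15:00Z
bob,true,false,2021-01-10T17:42:00Z
carol,false,false,2020-11-03T09:00:00Z
dave,true,false,never
erin,true,true,2021-02-01T12:00:00Z
frank,true,false,2021-06-05T07:30:00Z
"""

# Constructed reference time for the sample run.
SAMPLE_NOW = datetime(2021, 6, 10, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    mfa_enrolled: bool
    last_login: Optional[datetime]  # None when the account has never logged in


def parse_export(text: str) -> List[Account]:
    """Parse the CSV export into Account records with timezone-aware timestamps."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        raw = row["last_login"].strip()
        last = None if raw == "never" else datetime.fromisoformat(raw.replace("Z", "+00:00"))
        accounts.append(Account(
            username=row["username"].strip(),
            enabled=row["enabled"].strip().lower() == "true",
            mfa_enrolled=row["mfa_enrolled"].strip().lower() == "true",
            last_login=last,
        ))
    return accounts


def audit(accounts: List[Account], now: datetime, stale_days: int = 90) -> Dict[str, List[str]]:
    """Return {username: [findings]} for enabled accounts that are dormant and/or lack MFA.

    Disabled accounts are skipped: they are not a usable remote-access path. An
    enabled account with no login at all is treated as dormant, since nobody is
    using it but a stolen password for it would still work.
    """
    cutoff = now - timedelta(days=stale_days)
    findings: Dict[str, List[str]] = {}
    for acct in accounts:
        if not acct.enabled:
            continue
        issues = []
        if acct.last_login is None or acct.last_login < cutoff:
            issues.append("dormant-but-enabled")
        if not acct.mfa_enrolled:
            issues.append("no-mfa")
        if issues:
            findings[acct.username] = issues
    return findings


def run_sample_audit() -> Dict[str, List[str]]:
    """Run the audit over the constructed export at the constructed reference time."""
    return audit(parse_export(SAMPLE_EXPORT), SAMPLE_NOW)


if __name__ == "__main__":
    for user, issues in sorted(run_sample_audit().items()):
        print(f"{user}: {', '.join(issues)}")
```

On the constructed data, `alice` is clean, `carol` is ignored because she is disabled, `erin` is flagged only as dormant (she has MFA), `frank` only for missing MFA, and `bob` and `dave` for both. The 90-day threshold is a starting point; the right value depends on how the organization's access reviews are scheduled, and the point of the check is that an account nobody has used in months should be disabled rather than left waiting for a leaked password.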
This incident is a clear example of how an IT-side intrusion can shut down an OT environment. Organizations, especially those operating critical national infrastructure, must treat ransomware attacks as a realistic possibility and plan for their potential impact.
After the surge in corporate ransomware incidents in 2020, the growing risk makes it urgent for every enterprise to assess its risk profile, close its security gaps, and put remediation policies in place. This needs to happen now.
Organizations also need to seriously consider increasing investment in network security to ensure good security “hygiene.”
Omdia's 2021 ICT Enterprise Insights survey shows that 60% of manufacturing companies plan to increase investment in cybersecurity, which is promising. The remaining 40%, although a minority, are holding investment flat or possibly reducing it. High-profile attacks like the one on Colonial Pipeline have highlighted significant risks, and companies must be better prepared. Proper security hygiene requires a layered approach, part of which is updating and maintaining passwords.
The CEO emphasized that the leaked password was not something as easy to guess as "Colonial123", but password strength is irrelevant when an attacker gains access simply by stealing it. When it comes to compromise, credentials are a huge risk factor: Verizon's 2021 Data Breach Investigations Report (DBIR) notes that the majority (61%) of breaches involved compromised credentials.
The Colonial Pipeline attack clearly highlights the importance of a multi-layered network security approach, especially for ransomware prevention; no control is too basic to be neglected. A single forgotten user account can provide all the opportunity an attacker needs.
Hollie works as a senior analyst on the Omdia team and has an in-depth understanding of the fascinating and fast-growing field of Internet of Things network security. Hollie has extensive experience in research. She started her career in the legal department, writing and researching for expert witnesses…