On April 29th, one of the largest fuel pipelines in the U.S., Colonial Pipeline Co., was hacked, which led to major fuel shortages across the East Coast. New information came out this weekend about what may have created the weak spot in Colonial Pipeline's system that resulted in the attack on their network. Apparently, an old account was not decommissioned correctly and still had access to the network through a virtual private network (VPN). As a result, a hacker was able to obtain the password from the dark web and used their illicit access to demand cryptocurrency in return for the Colonial Pipeline system. Colonial paid the hackers $4.4 million to keep confidential information from being leaked.
Stewart Walts, Vice President of Managed IT Services, spoke about some of the main factors that played a role in the attack on Colonial Pipeline's system. The first reason Walts gave was the lack of multi-factor authentication (MFA). MFA is a method that requires users to provide two or more verification factors to gain access to an account or resource. “No multi-factor authentication was in place, so when the user's credential was found on the Dark Web, it gave an easy path in for the hackers to plan their real attacks,” stated Walts. “If your organization isn't implementing multi-factor authentication, dark web monitoring and other security controls (like disabling old users), you may be next. There's no cure-all for cybersecurity, but these are basic aspects and part of a larger cybersecurity strategy.”
At Usherwood, we require all managed IT clients to have multi-factor authentication because it is a simple yet necessary step to block unauthorized users from logging into an account. We also provide dark web monitoring for our clients. Simply put, we will send you an alert if compromised credentials belonging to one of your employees are found on the Dark Web. Once you receive the alert, the user can quickly have their account disabled or their password changed. It is imperative to have these two proactive security measures in place to mitigate the risk of network breaches. If Colonial Pipeline had avoided this attack, they could have saved over 4 million dollars and, perhaps more importantly, a heap of bad publicity! Not to mention the fuel shortages and panic that happened thereafter…