Computerease

Category: Business & Cybersecurity Insights

How One Compromised Password Caused Colonial Pipeline’s Shutdown From Ransomware

Colonial Pipeline, a company with a 2020 annual revenue of $1.32 billion, fell victim to a ransomware attack from a single compromised password. Despite spending $200 million over the past 5 years on total IT costs (including cybersecurity), the cybersecurity protections in place fell short and left the company vulnerable to a cyberattack. This article will explain two aspects of cybersecurity, multi-factor authentication and the dark web, that played a role in Colonial Pipeline’s ransomware attack.

The aftershock of this ransomware attack reverberated through the southeast part of the country, shutting down a main gas supply line for the entire east coast. There were runs on gas stations, causing shortages and increased prices. When a cyberattack happens, it’s not just the company that feels the effects. Colonial Pipeline faces investigations, fines, lawsuits, reputational damage, lost revenue, and immense financial losses. This cyberattack is a national crisis!

All this damage was caused by a single compromised password. Colonial Pipeline Chief Executive Joseph Blount stated in his testimony to a U.S. Senate committee, “It was a complicated password, I want to be clear on that. It was not a Colonial123-type password.” Security experts don’t know the exact way the Colonial Pipeline password was compromised. However, most compromised passwords are easily accessible on the dark web, a black market for stolen credentials.

What exactly is the dark web?

The dark web is a portion of the internet that is only accessible to the most advanced internet users. There are some legitimate parts of the dark web, but the majority is illicit activity. You can purchase passwords for corporations, social media platforms, bank accounts, and any website needing a password. Credit card numbers, drugs, guns, and counterfeit money can also be purchased. It’s also possible to hire hackers or purchase a ransomware virus to attack a computer or network yourself.

For a hacker, there are endless possibilities with the information available on the dark web. In the case of Colonial Pipeline, once they got hold of the compromised password, there was nothing holding them back.

Multi-Factor Authentication Could’ve Stopped The Attack

Once hackers got their hands on a compromised password for Colonial Pipeline’s system, they had unlimited access. The password was used for a legacy VPN (virtual private network) system that allows remote access to a computer or network. In the IT world, “legacy” means an older version of a system that’s not been upgraded. In the case of this legacy VPN system, the only access required was through a password.

Updated VPN systems operate with multi-factor authentication, an industry-recommended cybersecurity measure. In multi-factor authentication, another step is involved to be able to access a system. Typically, a cell phone text message code, key fob, or authentication app is used as the second layer of security. A person accessing a system with multi-factor authentication enabled needs BOTH the correct password and the correct code from another source.

Large Corporations and Small Businesses Face The Same Cybersecurity Risks

There are many differences between a large corporation like Colonial Pipeline and your business when it comes to cybersecurity. Colonial Pipeline has access to more financial resources, and there was a nationwide impact from them shutting down. Government agencies sprang into action to come to their aid. If and when you are faced with a ransomware attack, you might have some support from local law enforcement; however, you won’t have the same support from the FBI that Colonial Pipeline had.

Unfortunately, your business is equally at risk from hackers. Artificial intelligence and bots have multiplied threats previously perpetrated by individual hackers. Cyberattacks are systemized and prolific, meaning that every single computer and network is at risk. Hacking rings like DarkSide are motivated by the huge rewards and financial gains from cyberattacks. It’s a VERY profitable business!

Some business owners aren’t sure where to start with cybersecurity. It can be overwhelming to think about all the different vulnerabilities facing your business, so they just push it off. Colonial Pipeline pushed off implementing a multi-factor authentication security step for their legacy VPN system.

The first step to improving the cybersecurity strategy for your business is to get a baseline of your existing vulnerabilities. We offer free dark web scans for our clients to determine if any of their passwords are for sale on the dark web, so that they can be changed ASAP. Also, we offer free cybersecurity awareness training for our clients’ employees so that they can be aware of the risks of a cyberattack.

As an owner of a 2nd generation family-owned business, I’m dedicated to helping entrepreneurs protect everything they’ve built. I’m offering a free dark web scan and cybersecurity awareness training to any business owner who wants to take a step towards protecting their business. It’s incredibly important for all business owners to learn lessons in cybersecurity from scary stories like the Colonial Pipeline hack.
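
To make the multi-factor point above concrete, here is an added example (not code from Colonial Pipeline or from any VPN product) that contrasts a password-only check with one that also requires a time-based one-time code, the kind an authentication app generates per RFC 6238. The account record, password and function names are constructed for illustration; the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 time-based code (HMAC-SHA1), as an authenticator app computes it."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    """Salted, slow hash so the stored value is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def password_only_login(account, password):
    """Legacy behaviour: anyone holding the password is let in."""
    return hmac.compare_digest(hash_password(password, account["salt"]),
                               account["pw_hash"])

def mfa_login(account, password, code, now):
    """Require BOTH factors; check both so timing does not show which one failed."""
    pw_ok = password_only_login(account, password)
    # Accept the previous, current and next 30-second step to tolerate clock drift.
    times = [max(now + drift * 30, 0) for drift in (-1, 0, 1)]
    code_ok = any([hmac.compare_digest(totp(account["totp_secret"], t).encode(),
                                       code.encode()) for t in times])
    return pw_ok and code_ok

# Constructed account record (assumption for this example, not incident data).
SALT = b"constructed-salt"
STOLEN_PASSWORD = "a-Complicated-Passw0rd!"
ACCOUNT = {
    "salt": SALT,
    "pw_hash": hash_password(STOLEN_PASSWORD, SALT),
    "totp_secret": b"12345678901234567890",  # RFC 6238 test key
}

if __name__ == "__main__":
    now = 59  # RFC 6238 test time, so the valid code is known
    print("password only:", password_only_login(ACCOUNT, STOLEN_PASSWORD))
    print("password + guessed code:", mfa_login(ACCOUNT, STOLEN_PASSWORD, "000000", now))
    print("password + real code:",
          mfa_login(ACCOUNT, STOLEN_PASSWORD, totp(ACCOUNT["totp_secret"], now), now))
```

With only the password, the legacy check succeeds while the multi-factor check fails until a code from the enrolled device is supplied.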

Breakdown Of An Almost-Disastrous, Highly Targeted Email Phishing Attack

It’s most common to hear stories about businesses falling victim to a cyberattack and the devastating aftermath involved. This is a different type of story. It’s a detailed account of how a proactive cybersecurity solution, email SPAM filtering, saved the day for one of our clients targeted by an email phishing attack. Here are the details of how it all worked.

Hacked email at a vendor: A hacker breached the email account of one employee at a vendor of our client (our client’s email was not breached). We’ll refer to this vendor employee as Employee A. The hacker read through many different emails in Employee A’s account and determined which contacts would be most valuable to target.

Hacker studied emails looking for his victims: Then, the hacker took time to carefully craft emails to Employee A’s key contacts that would be the most lucrative. This list included one of our client’s employees, whom we’ll refer to as Employee B. It’s important to realize that Employee A and Employee B have a long-standing history of working together and corresponding mostly by email about important matters regarding finances and employee data.

Hacker carefully writes a phishing email: With a simple search of the compromised vendor email account for Employee A, the hacker knows the language and topics commonly emailed between vendor Employee A and our client Employee B. Since the hacker has access to the complete email history between these two individuals, writing a convincing email is very easy. The only real difference between a legitimate email and the hacker’s version is one link. The hacker replaces a single link within the email from Employee A to Employee B with a malicious link. The goal of the hacker’s email to Employee B is to convince Employee B to click on the malicious link, thereby infecting Employee B’s computer.

Target is tricked by phishing email: Because the hacker has control of Employee A’s email mailbox on an otherwise legitimate, trusted and spam-free email domain, the hacker’s email passes the initial spam filter tests for legitimacy and is delivered. Employee B received the fake phishing email sent by the hacker and, because of their relationship with the now hacked Employee A, clicked on the malicious link. Why not, right? There were no red flags for Employee B. Employee A is a trusted and known person who sends regular emails. This most recent email was seemingly just another typical business email. This is exactly what makes this type of email so incredibly dangerous!

Target clicks on link in phishing email: Employee B clicked the link in the email. Here’s the message Employee B saw on her screen after clicking the malicious link.

SPAM email filter catches malicious link, disaster avoided: Employee B called us because she thought there was a problem and she needed to get the information in the malicious email from Employee A. We quickly looked into her problem and we were surprised by what we found. We realized that the link and email sent to Employee B at our client’s office was a highly targeted phishing email. Then, we celebrated when we realized that our email SPAM filter had worked exactly as designed to prevent disaster!

Hacking activities discovered: We advised Employee B that this was in fact a fake phishing email and that the link was malicious. A short while later, Employee B received a call from the vendor and Employee A stating that her email account had been hacked. The hacker had been sending out fake phishing emails for at least a few hours, including the one sent to Employee B at my client’s office.

Here’s what could’ve happened: Luckily for our client, we do have a number of other security layers in place which are designed to stop these types of infections. Normally, the combination of these other layers is highly effective, and the client’s attempt to click on the malicious email link would likely have been blocked by their firewall, DNS filter or our advanced endpoint protection platform. However, cybersecurity is a cat and mouse game of sorts. Hackers just need to find one way to get their foot in the door, and if they do, it can be game over for the hacker’s victim.

For a company which is not properly protected, as our client was, this situation would likely have ended very badly. They could have been compromised with ransomware which locked their entire computer or company network. They could have had banking credentials stolen, which could lead to tens or hundreds of thousands of dollars being siphoned from their business bank accounts. If they were in the healthcare industry, they could have had patient data stolen and been subject to significant government fines. These are just a sampling of what could have happened if a client was not using the types of security measures that we recommend.

If you are not confident that your business or organization is secure from cyber thieves, contact us for a free security assessment.
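
The account above notes that the sender and wording were genuine and only one link differed. As an added illustration (not the SPAM filter described in this article, whose internals are not given here), the sketch below flags links whose host a known correspondent has never linked to before. The mailbox history, addresses and domains are constructed, and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def link_hosts(body):
    """Return the set of lower-cased hostnames linked from a message body."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url.rstrip(".,;)")).hostname
        except ValueError:  # malformed URL such as a broken IPv6 literal
            continue
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def build_baseline(history):
    """Map each sender to every host they have linked to in past mail."""
    baseline = {}
    for sender, body in history:
        baseline.setdefault(sender.lower(), set()).update(link_hosts(body))
    return baseline

def covered(host, known_hosts):
    """A host is familiar if it equals, or is a subdomain of, a known host."""
    return any(host == k or host.endswith("." + k) for k in known_hosts)

def unfamiliar_links(baseline, sender, body):
    """Hosts in this message that the sender has never linked to before."""
    known = baseline.get(sender.lower(), set())
    return sorted(h for h in link_hosts(body) if not covered(h, known))

# Constructed correspondence between "Employee A" and "Employee B".
SENDER = "employee.a@vendor.example"
HISTORY = [
    (SENDER, "Hi, the March invoice is at https://portal.vendor.example/invoices/1041. Thanks!"),
    (SENDER, "Updated roster: https://files.vendor.example/hr/roster.xlsx"),
]
ROUTINE = "Hi, the April invoice is at https://portal.vendor.example/invoices/1042. Thanks!"
SUSPECT = ("Hi, the April invoice is at "
           "https://portal.vendor.example.invoice-view.test/invoices/1042. Thanks!")

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    print("routine:", unfamiliar_links(baseline, SENDER, ROUTINE))
    print("suspect:", unfamiliar_links(baseline, SENDER, SUSPECT))
```

A first-time link to a legitimate new service is flagged as well, so the result is a reason to verify the link before it is trusted, not a verdict.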

An IT Company That’s Older And Wiser Than Blockbuster

Did you have a laminated Blockbuster card in your wallet back in the day? It was a ticket to the latest entertainment options for you and your family. If you did have a Blockbuster card, you’ve likely shared a “back in the day” monologue. That story either earns you a groan and eye roll from younger folks or an eager friend to reminisce about the tragedy of your favorite movie being gone from Blockbuster’s shelves.

My Blockbuster card, barcode and all, lived in my wallet many years ago, sitting next to my pager, which was a lifeline for Computerease clients to get a hold of me. I’ve been in this business a LONG time. In fact, Computerease was founded in 1984, one year before Blockbuster was established in 1985!

There’s one thing that Blockbuster and Computerease have in common. Both technology and media are rapidly changing industries where businesses come and go in the blink of an eye. I’m very thankful that Computerease has a better track record than Blockbuster.

At its height in 2004, Blockbuster had over 9,000 stores across the globe with an annual revenue of $5.9 billion. They were untouchable to their competitors, but things began to change in the early 2000s when Netflix came into play. A changing industry challenged the huge corporate structure of Blockbuster.

In learning more about Blockbuster, I was surprised to discover that they had a chance to buy Netflix for a cool $50 million in 2000. Their leadership team decided that it wasn’t a wise decision, something that would come back to haunt them only a few years later. Ultimately, Blockbuster couldn’t compete with Netflix’s mailed DVDs and streaming services. They filed for bankruptcy protection in 2010. Their reign was coming to an end. Blockbuster almost completely disappeared by 2014. The only trace of Blockbuster’s business is one remaining franchise store open in Bend, Oregon. It’s earned a cult-like status as the last Blockbuster, launched into notoriety by a recent documentary available to stream on Netflix. You can’t miss the irony in how things worked out.

Netflix CEO Marc Randolph was a speaker at an industry conference I attended a few years ago. He shared details of the fateful meeting discussing the Netflix sale with Blockbuster’s then-CEO John Antioco. He spoke about the difficult times for Netflix before streaming existed, when their revenue depended on mailed DVDs. Netflix’s future was hanging in the balance. They were losing money fast and the Blockbuster deal could be the financial lifeline they desperately needed.

Randolph described Antioco’s attitude during the meeting as arrogant and dismissive. He saw the possibility of Netflix’s future as a complete joke. The Blockbuster CEO just about laughed in their face, saying, “The dot-com hysteria is completely overblown.” He went on to say that online businesses weren’t sustainable and were doomed to fail.

Obviously, John Antioco was wrong. Digital media companies have replaced brick and mortar video stores. Blockbuster’s ultimate downfalls were arrogance and inflexibility in adapting to the changing industry and customer demands. In contrast, Netflix rebounded from a difficult time and continually adapted to stay relevant.

If there’s one guarantee in this world, it’s that things will change. And they will change quickly. In our 38 years of business, we’ve transitioned from Commodore 64 computers, to building customer computers for businesses needing their first computer ever, to now managing thousands of business computers remotely. Our clients trust us to take care of every aspect of their technology, from their networks, backups, remote workforce, and VoIP phones to their cybersecurity.

As an IT company and small business owner, I know that there’s also always room for improvement. We’re following the path of businesses like Netflix that change and adapt as needed. I can’t imagine taking the arrogant and inflexible attitude of Blockbuster toward a changing industry and customer demands. We never would’ve survived through all the changes in the tech industry! If you don’t keep moving forward, your business will quickly fade into nostalgia with all the Blockbusters of the world.

If Blockbuster executives were humble enough to listen to customers and adapt to a changing industry, they might’ve bought Netflix. The fate of their company would’ve been very different. The iconic yellow and blue logo might be streaming into millions of homes instead of the large red Netflix N.
