How One Compromised Password Caused Colonial Pipeline’s Shutdown From Ransomware
Colonial Pipeline, a company with a 2020 annual revenue of $1.32 billion, fell victim to a ransomware attack from a single compromised password. Despite spending $200 million over the past 5 years on total IT costs (including cybersecurity), the cybersecurity protections in place fell short and left the company vulnerable for a cyberattack. This article will explain two aspects of cybersecurity, multi-factor authentication and the dark web, that played a role in Colonial Pipeline’s ransomware attack. The aftershock of this ransomware attack reverberated through the southeast part of the country, shutting down a main gas supply line for the entire east coast. There were runs on gas stations causing shortages, and increased prices. When a cyberattack happens, it’s not just the company that feels the effects. Colonial Pipeline faces investigations, fines, lawsuits, reputational damage, lost revenue, and immense financial losses. This cyberattack is a national crisis! All this damage was caused by a single compromised password. Colonial Pipeline Chief Executive, Joseph Blount stated in his testimony to a U.S. Senate committee, “It was a complicated password, I want to be clear on that. It was not a Colonial123-type password.” Security experts don’t know the exact way the Colonial Pipeline password was compromised. However, most compromised passwords are easily accessible on the dark web, a black market for stolen credentials. What exactly is the dark web? The dark web is a portion of the internet that is only accessible to the most advanced internet users. There are some legitimate parts of the dark web, but the majority is illicit activity. You can purchase passwords for corporations, social media platforms, bank accounts, and any website needing a password. Credit card numbers, drugs, guns, and counterfeit money can also be purchased. It’s also possible to hire hackers or purchase a ransomware virus to attack a computer or network yourself. For a hacker, there’s endless possibilities with information available on the dark web. In the case of Colonial Pipeline, once they got hold of the compromised password, there was nothing holding them back. Multi-Factor Authentication Could’ve Stopped The Attack Once hackers got their hands on a compromised password for Colonial Pipeline’s system, they had unlimited access. The password was used for a legacy VPN (virtual private network) system that allows remote access to a computer or network. In the IT world “legacy” means an older version of a system that’s not been upgraded. In the case of this legacy VPN system, the only access required was through a password. Updated VPN systems operate with multi-factor authentication, an industry-recommended cybersecurity measure. In multi-factor authentication, another step is involved to be able to access a system. Typically, a cell phone text message code, key fob, or authentication app is used as the second layer of security. A person accessing a system with multi-factor authentication enabled needs BOTH the correct password, and the correct code from another source. Large Corporations and Small Businesses Face The Same Cybersecurity Risks There’s many differences between a large corporation like Colonial Pipeline and your business when it comes to cybersecurity. Colonial Pipeline has access to more financial resources and there was a nationwide impact from them shutting down. Government agencies sprang into action to come to their aid. If and when you are faced with a ransomware attack, you might have some support from local law enforcement however, you won’t have the same support from the FBI like Colonial Pipeline. Unfortunately, your business is equally at risk for hackers. Artificial intelligence and bots have multiplied threats previously perpetuated by individual hackers. Cyberattacks are systemized and prolific, meaning that every single computer and network is at risk. Hacking rings like Darkside are motivated by the huge rewards and financial gains from cyberattacks. It’s a VERY profitable business! Some business owners aren’t sure about where to start for cybersecurity. It can be overwhelming to think about all the different vulnerabilities facing your business, so they just push it off. Colonial Pipeline pushed off implementing a multi-factor authentication security step for their legacy VPN system. The first step to improving your cybersecurity strategy for your business is to get a baseline for your existing vulnerabilities. We offer free dark web scans for our clients to determine if any of their passwords are for sale on the dark web, so that they can be changed ASAP. Also, we offer free cybersecurity awareness training for our client’s employees so that they can be aware of risks of a cyberattack. As an owner of a 2nd generation family-owned business, I’m dedicated to helping entrepreneurs protect everything they’ve built. I’m offering a free dark web scan and cybersecurity awareness training to any business owner who wants to take a step towards protecting their business. It’s incredibly important for all business owners to learn lessons in cybersecurity from scary stories like the Colonial Pipeline hack.
Read More