The Colonial Pipeline ransomware attack made headlines across the globe. The breach forced a week-long shutdown of the pipeline, pushing the average price of a gallon of gas beyond $3 for the first time since 2014. People lined up at gas stations in panic, and the panic buying caused shortages.
According to the FBI, the DarkSide group was responsible for the ransomware. DarkSide develops ransomware and leases it to affiliates for a fee or a percentage of the ransom. Colonial paid a ransom of 75 bitcoins on the day of the attack in order to resume operations as quickly as possible. At the time, 75 bitcoins were worth around $4.4 million, but the value has since fallen. To date, the FBI has recovered 63.7 bitcoins by tracing and seizing the Bitcoin wallet that held the ransom.
How did they breach Colonial Pipeline?
Many people who follow hacking news and how hackers operate want to know: how did the attackers get into Colonial Pipeline so easily? As it turns out, the cybercriminals breached Colonial’s network through a compromised password.
Speaking to U.S. senators, Colonial Pipeline CEO Joseph Blount said that the hackers used a stolen password to get into the network through a legacy Virtual Private Network (VPN) account. A VPN encrypts a user’s traffic and hides their IP address, and a corporate VPN account is a remote doorway into the internal network, which is why a stolen VPN credential is so valuable to an attacker.
Unfortunately, most people new to remote working lack adequate anti-malware software, the right hardware, and essential cybersecurity training. For example, many employees aren’t aware that their passwords should be long and contain uppercase letters, lowercase letters, numbers, and symbols, and should not contain words, phrases, or dates.
Employers should also equip their staff with secured laptops and designate office computers strictly for work use. They should also encourage employees to use corporate VPNs and firewalls to enhance network security.
How did the Colonial Pipeline hackers get the password?
In the case of the Colonial Pipeline attack, the staff seem to have been using adequate network security tools. Blount even says that the password itself wasn’t the problem: “It was a complicated password, I want to be clear on that. It was not a Colonial123-type password.”
So, what happened? The primary weakness of Colonial Pipeline’s system was that it didn’t employ two-factor authentication (2FA). 2FA strengthens network security by requiring a second verification step, usually a code sent by text message to a mobile phone or by email. With 2FA, it is much harder for someone to breach an account with just the password.
When the system detects that a login attempt comes from a different geographical location or an unknown device, or that the request lacks the authentication cookies of a previously trusted session, the 2FA procedure kicks in. The system then sends an authentication code to the user’s email address or mobile phone number, which an attacker usually cannot access.
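To make the contrast concrete, here is an added Python example (not code from Colonial Pipeline or from this article) that places a password-only VPN login beside one that applies the step-up triggers described above and then checks a one-time code generated per RFC 4226/6238. The account record, the cookie and country values, and the policy of refusing access from an unrecognised context when no second factor is enrolled are assumptions made for the example.

```python
import hashlib, hmac, struct
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Account:
    password_hash: bytes                     # PBKDF2 hash, never the plaintext password
    salt: bytes
    otp_secret: Optional[bytes] = None       # None: never enrolled in 2FA (the legacy-account case)
    known_devices: set = field(default_factory=set)    # remembered-device cookie values
    known_countries: set = field(default_factory=set)  # locations this account has logged in from

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def password_ok(acct, password):
    return hmac.compare_digest(acct.password_hash, hash_password(password, acct.salt))

def hotp(secret, counter, digits=6):
    # RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation, modulo 10^digits.
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret, at, step=30):
    # RFC 6238: HOTP with the counter taken from the current 30-second window of Unix time `at`.
    return hotp(secret, int(at // step))

def needs_second_factor(acct, device_cookie, country):
    # The triggers from the text: no remembered-device cookie, an unknown device, or a new location.
    return (device_cookie is None or device_cookie not in acct.known_devices
            or country not in acct.known_countries)

def legacy_login(acct, password):
    # Password-only VPN login: a leaked password alone is enough to get in.
    return "ok" if password_ok(acct, password) else "denied"

def login(acct, password, device_cookie, country, otp_code=None, now=0):
    # Hardened login: returns 'denied', 'need_2fa' (password right, code required) or 'ok'.
    if not password_ok(acct, password):
        return "denied"
    if not needs_second_factor(acct, device_cookie, country):
        return "ok"
    if acct.otp_secret is None:
        return "denied"          # no enrolled factor: refuse access from an unrecognised context
    if otp_code is None:
        return "need_2fa"        # prompt for the code delivered to the user's phone or email
    expected = totp(acct.otp_secret, now)
    return "ok" if hmac.compare_digest(otp_code.encode(), expected.encode()) else "denied"
```

With an enrolled account, a leaked password used from an unknown device and country stops at `need_2fa`; with the legacy account that was never enrolled, the password-only path still returns `ok`.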
The password itself was leaked to the dark web, the Internet’s underbelly, in a batch with other passwords. However, it is not yet clear how the hackers obtained the correct username for the password. Perhaps the employee reused the same password on multiple platforms, and one of them was breached. Ultimately, a sophisticated password is only one step towards sound cybersecurity. It is also essential to guard passwords and change them immediately in the event of a breach.