
Too EASY!! A Compromised Password to Blame for the U.S. Colonial Pipeline

Updated: Jun 10, 2021

On 7 May, the world learned of a hack that took down the ‘Colonial Pipeline’, the largest fuel pipeline in the US. Tens of millions of Americans rely on Colonial: hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the travelling public, and the halt in service caused by the ransomware attack led to nationwide ‘panic at the Gas/Petrol pumps’. Although the U.S. Government doesn’t advise paying the hackers, the company’s CEO authorized a $4.4m payment as a means to restart the pipeline’s systems quickly and safely... Not bad for a week’s work.


After a little over a month, and some forensics carried out by Mandiant (part of FireEye), we have learned that this was all possible due to a single compromised password for a Virtual Private Network (VPN) account, which allowed employees to remotely access the company’s computer network. This VPN account was no longer in use, but it was still valid and had been left enabled by the organization and its IT Department.

We have also learned that the account’s password was found among a large batch of leaked passwords on the ‘dark web’. It is thought that a former Colonial employee may have reused the same password on another account that had previously been hacked.

Lessons to be learned:

  • Multi-factor Authentication needs to be enabled as extra protection for all computer assets.

  • IT Departments need to take greater responsibility for managing passwords for accounts whose status has changed.

  • Home workers need to be more secure than they are in the office.

  • Organise your security 'proactively', not after a breach.

  • See if your email address has been breached here: https://haveibeenpwned.com/
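The lessons above are easier to act on when they are turned into a routine check. The script below is an added example, not something from the original post or from OCiSO: it audits a constructed list of VPN accounts for the two conditions this incident combined (an enabled account nobody has used for months, and an account with no MFA), and it shows the k-anonymity lookup that Have I Been Pwned's Pwned Passwords service uses for passwords, where only the first five characters of the SHA-1 hash are sent to the `range` endpoint and the match is done locally. The account data and the `range` response are constructed sample data so the script runs offline; in practice the response comes from `https://api.pwnedpasswords.com/range/<prefix>`.

```python
import hashlib
from datetime import date, timedelta

# Constructed sample VPN account inventory (hypothetical users, not real data).
ACCOUNTS = [
    {"user": "jdoe",           "enabled": True,  "mfa": True,  "last_login": date(2021, 6, 1)},
    {"user": "old_contractor", "enabled": True,  "mfa": False, "last_login": date(2020, 11, 3)},
    {"user": "retired_eng",    "enabled": False, "mfa": False, "last_login": date(2020, 1, 15)},
    {"user": "svc_backup",     "enabled": True,  "mfa": False, "last_login": None},
]


def stale_enabled_accounts(accounts, today, max_idle_days=90):
    """Enabled accounts idle for longer than max_idle_days.

    An account that has never logged in counts as stale: it is exactly the kind
    of 'valid but not in use' credential that is easy to forget about.
    Disabled accounts are skipped because they cannot be used to log in.
    """
    cutoff = today - timedelta(days=max_idle_days)
    return [
        a["user"] for a in accounts
        if a["enabled"] and (a["last_login"] is None or a["last_login"] < cutoff)
    ]


def enabled_accounts_without_mfa(accounts):
    """Enabled accounts protected by a password alone."""
    return [a["user"] for a in accounts if a["enabled"] and not a["mfa"]]


def hibp_hash_parts(password):
    """Split the upper-case SHA-1 hex of a password into the 5-char prefix that is
    sent to the Pwned Passwords range API and the 35-char suffix kept locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_response):
    """Return how many times the password appears in the range response
    (0 if absent). range_response is the body returned for the hash prefix:
    one 'SUFFIX:COUNT' line per leaked hash sharing that prefix."""
    _, suffix = hibp_hash_parts(password)
    for line in range_response.splitlines():
        line = line.strip()
        if not line:
            continue
        leaked_suffix, count = line.split(":", 1)
        if leaked_suffix == suffix:
            return int(count)
    return 0


# Constructed stand-in for the API response for prefix "5BAA6" (SHA-1 of "password"
# begins 5BAA61E4...). The counts and the other two suffixes are made up.
SAMPLE_RANGE_5BAA6 = """\
003D68EB55068C33ACE09247EE4C639306B:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
1FA1B0E3C3EA6A4F3E9B45A9E5C9B2B7C5A:12
"""


def audit(accounts, today, password, range_response):
    """Collect the findings a reviewer would want to see in one place."""
    return {
        "stale_enabled": stale_enabled_accounts(accounts, today),
        "no_mfa": enabled_accounts_without_mfa(accounts),
        "password_breach_count": breach_count(password, range_response),
    }


if __name__ == "__main__":
    findings = audit(ACCOUNTS, date(2021, 6, 10), "password", SAMPLE_RANGE_5BAA6)
    for key, value in findings.items():
        print(f"{key}: {value}")
```

Running the audit against the sample data flags `old_contractor` and `svc_backup` on both counts and reports the well-known password as breached. The same two functions work unchanged on an export from a real VPN or directory service once its records are mapped to the `user`/`enabled`/`mfa`/`last_login` fields; the point of the k-anonymity split is that the full password hash never leaves the machine doing the check.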


At OCiSO, we provide qualified and experienced information security specialists who advise owners, boards, management and other stakeholders as members of the team.

OCiSO's Virtual Chief Information Security Officers:

  • Raise awareness within organisations and take responsibility for setting the Cyber Security agenda.

  • Respond to Cyber and Data Security incidents and breaches.

  • Manage cyber and data compliance.

  • Ensure ISO Certification and Audit readiness - ISO 27001, ISO 23301, ISO 9001 and Cyber Essentials Plus.

Our V-CISOs are supported by our legal, compliance and governance team experts to ensure we meet all of the IT and Data Security requirements of our clients.

Get in touch to find out more. www.OCiSO.co.uk

