United States: Colonial Pipeline: How hackers exploited a password policy issue
A single password on an old, unprotected account – that’s all that hackers needed to cripple the largest fuel pipeline in the United States.
The account was no longer in use at the time of the attack, but its password still worked, and with no further security measures in place Colonial Pipeline was defenseless against the attackers who entered its systems on May 7, 2021. Two days later, the federal government declared a regional emergency covering 17 states and Washington, DC, as Colonial's shutdown of its pipelines to contain the attack led to soaring gasoline prices, panic buying, and thousands of empty gas stations on the East Coast. After a six-day shutdown and a $4.4 million ransom payment to the attackers, Colonial's systems came back online. Because high-profile attacks and ransom payments give other criminals an incentive, similar ransomware attacks are likely to become even more common.
Cyberattacks are a critical security threat in the United States today. Payments to ransomware attackers totaled more than $350 million in 2020, up 311% from 2019. While breaches at large corporations make the headlines, most cyberattacks target small businesses, which are even less likely to have adopted adequate security measures. With many companies working remotely because of the pandemic, the threat has only gotten worse. The account used in the Colonial attack was a virtual private network (VPN) account, the kind commonly issued so that employees can reach their employer's network from outside the office.
Basic cybersecurity standards might have foiled Colonial's attackers, however. To avoid falling victim to a similar attack, organizations of every type and size should take the following basic security measures.
Make sure employees don’t reuse their passwords.
Colonial's attackers did not need sophisticated software to guess the account's password. A Colonial employee had used the same password on several unrelated websites before the attack. When one of those websites was breached, the attackers most likely obtained the password from the leaked data, giving them everything they needed to log in to Colonial's VPN.
A complex, hard-to-guess password offers no protection once it has leaked: databases containing hundreds of millions of stolen credentials are sold and traded online, and attackers routinely try them against corporate logins. Preventing employees from reusing passwords across sites, and checking new passwords against known breach corpora before accepting them, is one of the most important first steps in preventing a security breach.
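The breach-corpus check described above, as an added example that is not part of the original article or of any Colonial Pipeline system. It mimics the k-anonymity "range" lookup used by services such as Have I Been Pwned: the client sends only the first five hex characters of SHA-1(password) and matches the suffix locally, so the full hash never leaves the client. The breach corpus here is constructed for the demonstration; a real deployment would query a breach service or a locally mirrored dump.

```python
import hashlib

# Constructed breach corpus standing in for a leaked-credential dump (not data
# from the original article). It is indexed in the same shape a "range" breach
# service returns: all hash suffixes that share a 5-character SHA-1 prefix.
BREACHED_PASSWORDS = ["password", "123456", "qwerty", "letmein", "Welcome123456!"]


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Index hashes as {prefix: {suffix: count}}, the layout of a range response."""
    index = {}
    for pw in corpus:
        h = sha1_hex(pw)
        bucket = index.setdefault(h[:5], {})
        bucket[h[5:]] = bucket.get(h[5:], 0) + 1
    return index


INDEX = build_range_index(BREACHED_PASSWORDS)


def range_lookup(index, prefix):
    """Simulated server side: it learns only the 5-char prefix and returns
    every suffix under it, breached or not relevant to this user."""
    return index.get(prefix, {})


def breach_count(password, index=INDEX):
    """Client side: send the prefix, compare the suffix locally."""
    h = sha1_hex(password)
    return range_lookup(index, h[:5]).get(h[5:], 0)


def check_new_password(candidate, index=INDEX, min_len=12):
    """Policy gate for a password change. Returns (accepted, reason)."""
    if len(candidate) < min_len:
        return False, f"shorter than {min_len} characters"
    if breach_count(candidate, index):
        return False, "appears in a known breach; choose a different password"
    return True, "ok"


if __name__ == "__main__":
    for pw in ["Welcome123456!", "Summer2021!", "correct horse battery staple"]:
        print(repr(pw), check_new_password(pw))
```

Run the check at password-change time and, for existing accounts, as a periodic audit against password hashes you already hold; an account whose password appears in a breach dump should be forced to rotate, and a VPN account in that state should be disabled until it does.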
Use multi-factor authentication.
Once the Colonial attackers had the compromised credentials, no secondary control stood in their way. That is why multi-factor authentication is necessary. Two-factor authentication requires the user to present something they know (the username and password) and to prove possession of something they have (for example, their phone). After correctly entering the username and password, the user must also supply a second factor, such as a one-time code generated by or sent to a mobile device. Codes delivered by SMS are better than nothing but can be intercepted or redirected (for example through SIM swapping); an authenticator app or a hardware security key is the stronger choice, particularly for VPN and administrative accounts. Multi-factor authentication will not thwart every attack, but it adds a layer of security that prevents actors like the Colonial attackers from walking into a network with nothing more than a stolen password. President Biden's Executive Order on Improving the Nation's Cybersecurity, signed days after the Colonial attack, urged business leaders to mandate the use of multi-factor authentication.
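How the one-time-code factor works on both sides, as an added example that is not code from the original article or from any vendor it mentions. It implements the standard authenticator-app algorithm (HOTP, RFC 4226, and its time-based form TOTP, RFC 6238) and a server-side verifier that tolerates one step of clock skew while refusing to accept the same time step twice, so a code phished or shoulder-surfed from the user cannot be replayed inside its 30-second validity. The key is the RFC 6238 Appendix B test key; a real deployment generates a random secret per user.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test key: ASCII "12345678901234567890", base32-encoded.
# Used here only so the output can be checked against the RFC's published
# vectors; real secrets are random per user and shown once (usually as a QR code).
RFC6238_TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to a 31-bit integer and reduced to `digits` digits."""
    key = base64.b32decode(secret_b32)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time."""
    return hotp(secret_b32, int(at_time) // step, digits)


class TotpVerifier:
    """Server-side check for the second factor.

    Accepts codes from the current step plus `window` steps either side to
    tolerate clock skew, and never accepts a step at or before the last one
    that succeeded, which blocks replay of a captured code.
    """

    def __init__(self, secret_b32, step=30, digits=6, window=1):
        self.secret = secret_b32
        self.step = step
        self.digits = digits
        self.window = window
        self.last_counter = -1  # highest time step already consumed

    def verify(self, code: str, now: int) -> bool:
        current = int(now) // self.step
        for delta in range(-self.window, self.window + 1):
            counter = current + delta
            if counter <= self.last_counter:
                continue  # already used (or older than a used step): replay
            expected = hotp(self.secret, counter, self.digits)
            if hmac.compare_digest(expected, code):  # constant-time compare
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    import time
    now = int(time.time())
    code = totp(RFC6238_TEST_SECRET_B32, now)
    verifier = TotpVerifier(RFC6238_TEST_SECRET_B32)
    print("code:", code, "first use:", verifier.verify(code, now),
          "replay:", verifier.verify(code, now))
```

Two details matter in production that the demo leaves to the deployment: the `last_counter` state must be stored per user so that replay protection survives across servers and restarts, and verification attempts should be rate-limited, since a six-digit code with a three-step window gives an online guesser roughly a 3-in-a-million chance per attempt.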
Delete old accounts.
The compromised account used in the Colonial attack was tied to an inactive employee, yet the account itself remained active, which gave the attackers their way into Colonial's systems. To prevent this, the company's offboarding procedures must include disabling and deleting a departing employee's accounts, and the same applies to accounts left behind on systems that are no longer in use. Otherwise such an account remains a potential target indefinitely, and because no legitimate user is logging in, a successful intrusion through it is likely to go unnoticed.
Following the Colonial attack and the executive order, companies should examine their own systems for similar weaknesses that could be exploited. Such proactive measures are essential to protecting corporate systems from attack. Beyond reviewing their current cybersecurity practices, organizations should also consider the legal implications of those practices. In an earlier alert on the Colonial Pipeline incident, Armstrong Teasdale's privacy and data security attorneys discussed how companies can take proactive steps to prepare for potential cyberattacks.
Laurel Scott also contributed to this article.
The content of this article is intended to provide general guidance on the subject. Expert advice should be sought regarding your specific circumstances.