A single password caused the Colonial Pipeline breach. A VPN account that Colonial Pipeline no longer used, but that was still active, gave the threat actors remote access to the network.
The password for that account turned up in a batch of leaked passwords on the dark web, and the account had no multi-factor authentication in front of it. The attack shows the importance of credential hygiene: disable accounts that are no longer needed, check passwords against known breach dumps, change them regularly, and require multi-factor authentication on every remote-access path. These simple steps could have prevented this catastrophic ransomware attack.
Security researchers treat password leaks as a major issue because the credentials are cheap and easy to obtain on the dark web. As long as leaked passwords remain available to threat actors, these attacks will keep increasing.
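The two weaknesses described above, an account nobody had disabled and a login with no multi-factor authentication in front of it, are exactly what a SOC detection should catch. What follows is an added example, not SpearTip's code or ShadowSpear logic: a small Python detector run over a constructed VPN authentication log. The log format (timestamp plus key=value fields), the account inventory, the 90-day dormancy threshold and the user names are all assumptions made for this example.

```python
"""Added example: flag VPN logins that fit the Colonial Pipeline pattern,
a successful login to a long-dormant account, or one made without MFA."""
from datetime import datetime, timedelta

# Constructed sample VPN authentication log (not real Colonial Pipeline data).
# Assumed format: ISO timestamp followed by key=value fields.
SAMPLE_LOG = """\
2021-04-02T08:13:01Z user=jsmith src=203.0.113.10 result=success mfa=yes
2021-04-10T09:42:17Z user=mlee src=198.51.100.7 result=success mfa=yes
2021-04-29T02:11:45Z user=contractor01 src=192.0.2.55 result=success mfa=no
2021-04-29T02:15:03Z user=mlee src=198.51.100.7 result=failure mfa=yes
2021-04-29T03:40:22Z user=jsmith src=203.0.113.10 result=success mfa=yes
2021-04-29T04:02:09Z user=ghost src=192.0.2.99 result=success mfa=no
"""

# Constructed account inventory (hypothetical users): last known login before
# the log window, and whether MFA is enforced on the account.
ACCOUNTS = {
    "jsmith": {"last_login": "2021-03-30T17:05:00Z", "mfa_enforced": True},
    "mlee": {"last_login": "2021-04-01T11:20:00Z", "mfa_enforced": True},
    "contractor01": {"last_login": "2020-11-15T16:00:00Z", "mfa_enforced": False},
}

DORMANT_AFTER = timedelta(days=90)  # assumed policy threshold


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_line(line):
    """Split one log line into a dict; the first token is the timestamp."""
    ts, *fields = line.split()
    rec = {"ts": parse_ts(ts)}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    return rec


def dormant_accounts(accounts, as_of, threshold=DORMANT_AFTER):
    """Accounts with no login within `threshold` before `as_of`.
    This is the preventive check: these should be disabled, not left active."""
    return sorted(
        user for user, acct in accounts.items()
        if as_of - parse_ts(acct["last_login"]) > threshold
    )


def detect(log_text, accounts, threshold=DORMANT_AFTER):
    """Walk the log in order and return alerts as dicts with rule/user/ts."""
    last_seen = {u: parse_ts(a["last_login"]) for u, a in accounts.items()}
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("result") != "success":
            continue  # failed attempts are noise for these particular rules
        user, ts = rec["user"], rec["ts"]
        if user not in accounts:
            alerts.append({"rule": "UNKNOWN_ACCOUNT", "user": user, "ts": ts})
            continue
        if ts - last_seen[user] > threshold:
            alerts.append({"rule": "DORMANT_ACCOUNT_LOGIN", "user": user, "ts": ts})
        if rec.get("mfa") != "yes":
            alerts.append({"rule": "LOGIN_WITHOUT_MFA", "user": user, "ts": ts})
        last_seen[user] = ts  # a second login soon after is not re-flagged as dormant
    return alerts


if __name__ == "__main__":
    now = parse_ts("2021-04-29T00:00:00Z")
    print("accounts to disable:", dormant_accounts(ACCOUNTS, now))
    for a in detect(SAMPLE_LOG, ACCOUNTS):
        print(f"{a['ts'].isoformat()} {a['rule']} user={a['user']}")
```

Run as a script it lists `contractor01` as the account that should already have been disabled, then raises two alerts for its login (dormant account, no MFA) and one for the unknown account `ghost`. In a real deployment the last-login data would come from the identity provider or VPN appliance rather than a hard-coded table, but the two checks are the same: disable what is dormant before it is used, and alert on any success that arrives without MFA.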
As for the aftermath, Colonial Pipeline decided to pay the ransom demanded by the DarkSide operators, roughly $4.4 million in Bitcoin. DarkSide claimed it had not necessarily intended to knock the pipeline offline, only to encrypt data for financial gain. In a rare recovery of a ransom payment, the FBI and Department of Justice traced the DarkSide operators' wallet and reportedly seized $2.3 million of the Bitcoin originally paid.
At SpearTip, when a malicious actor, or anyone not authorized for an account, signs in, we are notified immediately and relay the information to our partners. This mitigates the misuse of passwords on your accounts and prevents unauthorized access. Changing your passwords regularly and using multi-factor authentication are a good first step toward improving your security posture, but having a security firm with deep threat-prevention expertise is the way to ensure you are as protected as possible.
Our Security Operations Center operates 24/7 with certified, highly technical engineers on call, solving issues for our partners. We understand that organizations need more than an average antivirus tool. The human element in responding to threats is what truly matters. The people carrying out these attacks on businesses are real, sophisticated actors, so combating them requires the same level of intelligence and cyber expertise.
Our team continuously monitors environments 24/7 from our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®, giving your organization direct communication with our engineers at any moment and a completely transparent view of your risk profile.
If you think your organization has been breached, call our Security Operations Center at 833.997.7327.