In this blog post, I go through a bit of a post-mortem about the Colonial Pipeline Hack and some of the details that have been released since the hack went public.
Quickly, if you're not up to speed on exactly what went down there, one of the largest pipelines providing gasoline to the East Coast fell victim to a ransomware attack where critical systems had their information encrypted. The pipeline had to be shut down for several days until the company paid the ransom and unlocked their data.
Basically, it was a big old mess, and it could have been avoided had they just taken some simple precautions.
Now that the incident has been dealt with, here are a few details that have emerged.
Colonial had a VPN that was exposed to the Internet with no secondary security. That's right, anyone on the Internet, as long as they had a correct username and password, could get into the network of a several-hundred-million-dollar company and snoop around however they saw fit.
Additionally, the hackers got in using an ex-employee's username and password that had been found on the dark web. That's pretty wild. That means not only were this ex-employee's credentials freely floating around online, but the account of someone long gone was never properly terminated.
*SIGH* People, please don't let this happen to you.
Some very fundamental security practices could save you a world of hurt in the future.
First, throw two-factor authentication on everything. This means email, file sharing, and definitely something as all-encompassing as VPN. To put it simply, two-factor authenticate all the things!
Second, accounts of ex-employees need to be disabled. As soon as they stop collecting a check, your IT team has to make sure their accounts are locked out.
Third, to be even more careful, regularly perform a dark web scan for your company's domain, and probably the personal accounts of key individuals. I'd say at least quarterly, or better yet, have a service that monitors this activity in real time. For a company providing the majority of gasoline to the eastern seaboard, there's no reason why they shouldn't have invested in such a tool.
So this particular incident, much like the many that came before it, and those that will come after it, could have been easily avoided had some simple steps been taken to better secure the company's environment. Information security requires a layered approach, and unfortunately this time the folks in charge dropped the ball.
This was a very quick overview, so keep an eye out for a more in-depth analysis of the Colonial Hack coming soon.
For now, here are the 3 key takeaways on how you can better protect yourself against modern cyberthreats:
1. Use two-factor authentication. This could help avoid probably 99.9% of today's hacks.
2. Disable unused accounts. Do I really need to say more here?
3. If at all possible, sign up for a Dark Web scan or monitoring service. If you're not checking there regularly, rest assured that those up to no good are.
And if you need help implementing these sorts of technologies, please feel free to book a time via my Calendly link below.
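To make the second takeaway (and the VPN point from the first) concrete, here is an added example, not from the original post, of the kind of reconciliation check an IT team could run: it compares an HR offboarding list against the directory's enabled accounts and a VPN authentication log, flagging departed users whose accounts are still enabled or who still log in. The HR feed, directory export and log lines are all constructed for illustration, and the example assumes every enabled directory account can reach the VPN.

```python
# Added example: reconcile HR offboarding data, a directory export and a VPN
# auth log to catch the failure mode described above. All data is constructed.
from datetime import date, datetime

# Constructed HR feed: account -> last working day
OFFBOARDED = {"jdoe": date(2021, 3, 15), "asmith": date(2021, 4, 1)}

# Constructed directory export: account -> enabled / MFA-enrolled flags
DIRECTORY = {
    "jdoe":   {"enabled": True,  "mfa": False},  # left in March, never disabled
    "asmith": {"enabled": False, "mfa": False},  # correctly disabled on departure
    "bwong":  {"enabled": True,  "mfa": False},  # current employee, no MFA
    "clee":   {"enabled": True,  "mfa": True},   # current employee, MFA enrolled
}

# Constructed VPN log, one "timestamp user result" record per line
VPN_LOG = """\
2021-04-29T03:12:07 jdoe SUCCESS
2021-04-29T08:01:44 clee SUCCESS
2021-04-29T09:30:12 asmith FAILURE
2021-04-29T11:05:55 bwong SUCCESS
"""

AUDIT_DATE = date(2021, 4, 30)  # the day the check is run

def parse_vpn_log(text):
    """Turn the raw log text into (datetime, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, result = line.split()
        events.append((datetime.fromisoformat(ts), user, result))
    return events

def audit(offboarded, directory, log_text, today):
    """Return {account: [finding, ...]} for every account that needs attention."""
    findings = {}
    for user, last_day in offboarded.items():          # stale accounts
        acct = directory.get(user)
        if acct and acct["enabled"] and last_day < today:
            findings.setdefault(user, []).append("offboarded but still enabled")
    for user, acct in directory.items():               # single-factor accounts
        if acct["enabled"] and not acct["mfa"]:
            findings.setdefault(user, []).append("VPN-capable account without MFA")
    for ts, user, result in parse_vpn_log(log_text):   # post-departure logins
        if result == "SUCCESS" and user in offboarded and offboarded[user] < ts.date():
            findings.setdefault(user, []).append(f"VPN login after departure at {ts.isoformat()}")
    return findings

def run_audit():
    return audit(OFFBOARDED, DIRECTORY, VPN_LOG, AUDIT_DATE)

if __name__ == "__main__":
    for user, issues in run_audit().items():
        print(user, "->", "; ".join(issues))
```

In practice the three inputs would come from the HR system, a directory export and the VPN appliance's logs, and the report would be reviewed on the same schedule as the dark web checks described above.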
STG IT Consulting Group proudly serves Greater Los Angeles and surrounding areas for all of your IT needs.
We look forward to meeting with you!