Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Breached Colonial VPN password was complex, but reused

Image Description

The compromised VPN password that allowed DarkSide operators to get into Colonial Pipeline’s network had been used on multiple websites, according to new insights into the attack.

The revelation was made by Charles Carmakal, senior vice president and CTO at Mandiant, which is the incident response division of cybersecurity firm FireEye that has been roped in to assist with the investigation into Colonial’s ransomware attack.

Carmakar further shared that the password was “relatively complex….in terms of length, special characters and case set” as he addressed a House Committee on Homeland Security hearing on the cyberattack, together with Colonial Pipeline’s CEO, Joseph Blount.

Mandiant had earlier shared that equipped with the password the Colonial attackers wouldn’t have faced much resistance logging into the network, as the VPN account didn’t use multi-factor authentication (MFA).

Password hygiene

Security experts have reiterated that using single passwords no longer counts as an effective strategy to prevent break-ins, and are pretty much useless without additional layers of security implemented by the use of MFA.

“Even the strongest, most complex passwords can be found living on the dark web, and without MFA these attacks will continue to occur,” Patrick Tiquet, VP of Security at Keeper Security tells TechRadar Pro.

He further adds that liability, either in the form of a duplicated password or a former employee maintaining account access after departing the company, is around every corner, and that “proper password hygiene is paramount in eliminating occurrences of attacks” like Colonial’s. 

From a wider perspective, Tiquet believes that while the new ransomware guidance of the Cybersecurity and Infrastructure Security Agency (CISA) helps businesses respond to a ransomware attack, their focus should still be on proactive protection.

“Additional effective preventative measures include disabling unnecessary access, isolating networks, keeping current on patches, enforcing least-privileges, and maintaining offline backups of important data,” says Tiquet listing some of the best practices that business should adopt to shield themselves from such attacks.

Date

10 Jun 2021

Sources


Share


Other Blog

  • Immersive entertainment will provide the cut through brands need

    Entertainment brands are fighting for the attention of a fatigued, dispirited audience and facing an increasingly shallow pool of opportunity as people grapple with stay at home orders.

    Read More
  • 5 steps to help you recover after identity theft

    Follow these steps to help get back on track after falling victim to identity theft or ID fraud.

    Read More
  • Speech-to-text apps: what to look for in dictation software

    Tired of typing? Give your fingers a break with these extremely useful speech-to-text apps.

    Read More
  • Acer launches Nitro 5 with 11th Gen Intel Core H-series processors

    Nitro 5 allows users to enjoy AAA title games at an affordable price point and will be available from Acer exclusive stores, Acer online store, and Amazon.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us