The VPN apparently did not use multi-factor authentication
An analysis of the cyberattack on Colonial Pipeline found that hackers were able to access the company’s network using a compromised VPN password, Bloomberg reported. The hack resulted in a ransomware payment of $4.4 million, and resulted in gas prices of around $3 per gallon at US gas stations for the first time in many years.
According to cybersecurity firm Mandiant, the VPN account did not use multi-factor authentication, allowing hackers to access Colonial’s network with a compromised username and password. It is unclear whether the hackers discovered the username or were able to work it out independently. The password was discovered among a batch of leaked passwords on the dark web, Bloomberg reported.
According to Mandiant, the breach occurred on April 29 and was discovered on May 7 by a control room employee who had seen the ransomware note. This prompted the company to take the pipeline offline to contain the potential threat. About half of the fuel in the eastern US travels through the affected pipeline.
In response to the hack, the Transportation Security Administration issued a new policy requiring pipeline operators to report cyberattacks to the government within 12 hours.
Colonial Pipeline CEO Joseph Blount is scheduled to appear before the House Committee on Homeland Security on June 9.