Lessons from the Colonial Pipeline Hack

In May this year, criminals performed a successful cyberattack on a large US organisation called Colonial Pipeline. Colonial Pipeline supply oil (or gas in the US) to 45% of the eastern seaboard of the USA. 

In May this year, criminals performed a successful cyberattack on a large US organisation called Colonial Pipeline. Colonial Pipeline supply oil (or gas in the US) to 45% of the eastern seaboard of the USA.  As a result of the attack, the company was forced to shut down it’s supply of gas entirely. This was the first time in the 57 year history of the company that they were forced to do so.

How the hack took place

It took a few days to resolve the cyber incident and bring systems back online.  During that time the public responded to the lack of gas with panic, and people started hoarding gas in any type of container they could, including plastic bags.  The end result of this was extremely dangerous for everyone.  The public reputation of the company was also severely damaged.

Initially it was thought that the hackers had gotten into their systems via unpatched servers.  However, since the attack, investigations have revealed how the criminals hacked into the environment.  First, they found one user’s account and password on the dark web. That account was no longer in use but was still active (most likely a user that had left the company). With this information, they tried various methods to gain access to the organisations network remotely.  They discovered that they could VPN in as that user, and from there had full access to the resources within the corporate network to conduct their criminal activities.

The investigation also revealed that there was no 2-factor authentication on that user’s account. This alone would have prevented the credentials from accessing the network, and stopped the criminals.

So – what should business owners and IT Admins learn from this case?

Key learnings from the Colonial Pipeline hack

  1. ALWAYS disable user accounts for users that have left. Have it part of your user exit procedure to not only disable the account, but change the user’s password to something random. In addition to that, conduct a periodic review of all accounts to ensure that only valid accounts still have access to your network.
  2. 2 Factor Authentication should be absolutely mandatory for all access to company resources. It’s an extra step for users to be able to access the system, but it will help protect the business from users that use the same password on multiple sites.

Do not underestimate the flow on effect of a hack of your organisation’s IT systems.  Consider not just the direct loss of business that would occur but also the effect on the wider community if you were involved in a cyber attack.

If you’d like to discuss these concepts further, let us know. We’d be very happy to help you better protect your network environment.

Orro’s team of certified professionals are here to help, get in touch today

Related Insights

5 May 2021

The Importance of Cyber Security for Your Businesses

Security should never be considered an add-on for your business – it’s a critical base element! The reality of today’s world is that security is becoming the elephant in the room that must be discussed.
3 December 2024

Insights from Cisco Live Melbourne & Cisco Partner Summit

10 February 2022

What Is the Role of the Modern CTO?

The modern Chief Technology Officer can’t afford to be myopic and simply focus on technology, they need to look at the big picture in order to fully support the business.

Explore our Resources

ValidPro®
post
The EOFY IT Procurement Checklist: 5 Ways to Maximise Your IT Budget Before June 30
Critical Infrastructure
post
Why OT Visibility is the First Line of Defence Against Cyber Threats
Network
post
Navigating the Future of Enterprise Technology: Key Insights from Cisco ANZ CTO, Carl Solder
Cyber Security
post
Securing the Future: Preparing for the Quantum Threat in Cybersecurity 
Cyber Security
post
CyberCon 2024: Building Resilience Amidst Emerging Cyber Threats
Collaboration
post
Insights from Cisco Live Melbourne & Cisco Partner Summit