Lessons from the Colonial Pipeline Hack

In May this year, criminals performed a successful cyberattack on a large US organisation called Colonial Pipeline. Colonial Pipeline supply oil (or gas in the US) to 45% of the eastern seaboard of the USA. 

In May this year, criminals performed a successful cyberattack on a large US organisation called Colonial Pipeline. Colonial Pipeline supply oil (or gas in the US) to 45% of the eastern seaboard of the USA.  As a result of the attack, the company was forced to shut down it’s supply of gas entirely. This was the first time in the 57 year history of the company that they were forced to do so.

How the hack took place

It took a few days to resolve the cyber incident and bring systems back online.  During that time the public responded to the lack of gas with panic, and people started hoarding gas in any type of container they could, including plastic bags.  The end result of this was extremely dangerous for everyone.  The public reputation of the company was also severely damaged.

Initially it was thought that the hackers had gotten into their systems via unpatched servers.  However, since the attack, investigations have revealed how the criminals hacked into the environment.  First, they found one user’s account and password on the dark web. That account was no longer in use but was still active (most likely a user that had left the company). With this information, they tried various methods to gain access to the organisations network remotely.  They discovered that they could VPN in as that user, and from there had full access to the resources within the corporate network to conduct their criminal activities.

The investigation also revealed that there was no 2-factor authentication on that user’s account. This alone would have prevented the credentials from accessing the network, and stopped the criminals.

So – what should business owners and IT Admins learn from this case?

Key learnings from the Colonial Pipeline hack

  1. ALWAYS disable user accounts for users that have left. Have it part of your user exit procedure to not only disable the account, but change the user’s password to something random. In addition to that, conduct a periodic review of all accounts to ensure that only valid accounts still have access to your network.
  2. 2 Factor Authentication should be absolutely mandatory for all access to company resources. It’s an extra step for users to be able to access the system, but it will help protect the business from users that use the same password on multiple sites.

Do not underestimate the flow on effect of a hack of your organisation’s IT systems.  Consider not just the direct loss of business that would occur but also the effect on the wider community if you were involved in a cyber attack.

If you’d like to discuss these concepts further, let us know. We’d be very happy to help you better protect your network environment.

Orro’s team of certified professionals are here to help, get in touch today

Related Insights

3 November 2021

Secure Workspace for Businesses in the New Normal

As the COVID-19 pandemic forever changes the way we work, it’s vital to ensure that your people can remain productive working from anywhere, on any device, without compromising on security.
7 April 2022

VPN vs SASE in the Age of Remote Work

As work from home mandates scattered employees to the wind, the COVID-19 pandemic highlighted the dangers for businesses in over-relying on Virtual Private Networks to allow their staff to securely work remotely.
14 February 2023

Orro and TAFE Collaborate for Cyber Security Certification Course

Across Australia, around 18,000 graduates are currently required annually, to fill vacancies in cyber security. Within this rapidly growing industry, the need for job-ready graduates has never been higher, with demand outstripping the number of graduates each year.