Lessons from the Colonial Pipeline Hack

In May this year, criminals performed a successful cyberattack on a large US organisation called Colonial Pipeline. Colonial Pipeline supply oil (or gas in the US) to 45% of the eastern seaboard of the USA. 

In May this year, criminals performed a successful cyberattack on a large US organisation called Colonial Pipeline. Colonial Pipeline supply oil (or gas in the US) to 45% of the eastern seaboard of the USA.  As a result of the attack, the company was forced to shut down it’s supply of gas entirely. This was the first time in the 57 year history of the company that they were forced to do so.

How the hack took place

It took a few days to resolve the cyber incident and bring systems back online.  During that time the public responded to the lack of gas with panic, and people started hoarding gas in any type of container they could, including plastic bags.  The end result of this was extremely dangerous for everyone.  The public reputation of the company was also severely damaged.

Initially it was thought that the hackers had gotten into their systems via unpatched servers.  However, since the attack, investigations have revealed how the criminals hacked into the environment.  First, they found one user’s account and password on the dark web. That account was no longer in use but was still active (most likely a user that had left the company). With this information, they tried various methods to gain access to the organisations network remotely.  They discovered that they could VPN in as that user, and from there had full access to the resources within the corporate network to conduct their criminal activities.

The investigation also revealed that there was no 2-factor authentication on that user’s account. This alone would have prevented the credentials from accessing the network, and stopped the criminals.

So – what should business owners and IT Admins learn from this case?

Key learnings from the Colonial Pipeline hack

  1. ALWAYS disable user accounts for users that have left. Have it part of your user exit procedure to not only disable the account, but change the user’s password to something random. In addition to that, conduct a periodic review of all accounts to ensure that only valid accounts still have access to your network.
  2. 2 Factor Authentication should be absolutely mandatory for all access to company resources. It’s an extra step for users to be able to access the system, but it will help protect the business from users that use the same password on multiple sites.

Do not underestimate the flow on effect of a hack of your organisation’s IT systems.  Consider not just the direct loss of business that would occur but also the effect on the wider community if you were involved in a cyber attack.

If you’d like to discuss these concepts further, let us know. We’d be very happy to help you better protect your network environment.

Orro’s team of certified professionals are here to help, get in touch today

Related Insights

18 January 2024

How to Prepare for a Connected and Secure 2024

As we step into 2024, the ongoing integration of technology is bringing both unparalleled connectivity and even greater security risks.
22 May 2024

Cybersecurity lessons from the financial sector: Unpacking decades of defence

For decades, the financial sector has been a prime target of cyber-attacks, a trend that started well before the recent spike in data breaches across other industries. To keep pace with the evolving tactics of cyber criminals, financial institutions have had to continuously hone their cyber defence mechanisms. Orro’s Director of Cyber Services, Manuel Salazar, offers insights into what SMEs can learn from a sector that’s become battle-hardened in the face of relentless cyber threats.
23 February 2022

How COVID Drove Digital Transformation for Businesses

From the way we work and shop, to the way we deliver essential services, the COVID-19 pandemic has reshaped the way Australians do business.