Lessons from the Colonial Pipeline Hack

Reviewing the Colonial Pipeline hack lessons is essential for any modern business owner, as the events of May 2021 proved how a single digital vulnerability can lead to a national crisis. In this incident, criminals carried out a successful cyberattack on a large US organisation called Colonial Pipeline. Colonial Pipeline supplies fuel (oil products, or "gas" in US usage) to 45% of the eastern seaboard of the USA.

As a result of the attack, the company was forced to shut down its supply of gas entirely. This was the first time in the company's 57-year history that it had been forced to do so. Understanding how this happened is vital for infrastructure security today.

How the hack took place

It took a few days to resolve the cyber incident and bring systems back online. During that time the public responded to the lack of gas with panic, and people started hoarding gas in any type of container they could, including plastic bags. The end result of this was extremely dangerous for everyone. The public reputation of the company was also severely damaged.

Initially it was thought that the hackers had got into the systems via unpatched servers. However, since the attack, investigations have revealed how the criminals actually broke into the environment. First, they found one user's account name and password on the dark web. That account was no longer in use but was still active (most likely belonging to a user who had left the company). With this information, they tried various methods to gain remote access to the organisation's network.

They discovered that they could VPN in as that user, and from there had full access to the resources within the corporate network to conduct their criminal activities. This reinforces one of the primary Colonial Pipeline hack lessons: your network is only as secure as your oldest, most forgotten account.

The investigation also revealed that there was no 2-factor authentication on that user's account. This alone would have prevented the stolen credentials from being used to access the network and stopped the criminals. When we look at Colonial Pipeline hack lessons, the absence of MFA stands out as the single most preventable failure.

Key learnings from the Colonial Pipeline hack

So – what should business owners and IT Admins learn from this case? To protect your own infrastructure, these Colonial Pipeline hack lessons should be prioritised:

  1. ALWAYS disable user accounts for users who have left. Make it part of your user exit procedure not only to disable the account, but also to reset the user's password to something random. In addition, conduct a periodic review of all accounts to ensure that only valid accounts still have access to your network.
  2. Two-factor authentication should be absolutely mandatory for all access to company resources. According to the Australian Cyber Security Centre, implementing MFA is one of the most effective ways to protect your business. It is an extra step for users to be able to access the system, but it will help protect the business from users who reuse the same password across multiple sites.
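The periodic review that step 1 calls for, as an added example (not Orro's code): it runs over a constructed account export and flags the gaps described above: enabled accounts that belong to departed users, enabled accounts with no recent login, and remote-access accounts without MFA. The record field names (`departed`, `vpn`, `mfa`, `last_login`) are assumptions about what a directory export would contain.

```python
"""Periodic account review over a constructed directory export.

Added example, not Orro's code. Field names are assumptions about
what an identity directory export might contain.
"""
from datetime import date, timedelta

# Constructed sample export: one record per account (not real data).
ACCOUNTS = [
    {"user": "jsmith", "enabled": True, "departed": True, "mfa": False,
     "last_login": "2020-11-03", "vpn": True},
    {"user": "mlee", "enabled": True, "departed": False, "mfa": True,
     "last_login": "2021-05-06", "vpn": True},
    {"user": "svc-backup", "enabled": True, "departed": False, "mfa": False,
     "last_login": "2021-01-12", "vpn": False},
    {"user": "rkhan", "enabled": False, "departed": True, "mfa": False,
     "last_login": "2019-08-20", "vpn": True},
]

# Constructed review date used by the stand-alone run below.
REVIEW_DATE = date(2021, 5, 7)


def review_accounts(accounts, today, stale_days=90):
    """Return a dict mapping each finding type to a sorted list of usernames.

    departed_still_enabled: owner has left but the account is still enabled
    stale_enabled: enabled account with no login for more than stale_days
    vpn_without_mfa: account allowed remote (VPN) access with no MFA enrolled
    """
    findings = {"departed_still_enabled": [], "stale_enabled": [], "vpn_without_mfa": []}
    cutoff = today - timedelta(days=stale_days)
    for acct in accounts:
        if not acct["enabled"]:
            continue  # a disabled account cannot be used to log in, so it is not a finding
        if acct["departed"]:
            findings["departed_still_enabled"].append(acct["user"])
        if date.fromisoformat(acct["last_login"]) < cutoff:
            findings["stale_enabled"].append(acct["user"])
        if acct["vpn"] and not acct["mfa"]:
            findings["vpn_without_mfa"].append(acct["user"])
    return {name: sorted(users) for name, users in findings.items()}


if __name__ == "__main__":
    for finding, users in review_accounts(ACCOUNTS, REVIEW_DATE).items():
        print(f"{finding}: {', '.join(users) or 'none'}")
```

Any account appearing under `departed_still_enabled` or `vpn_without_mfa` is exactly the kind of forgotten, unprotected entry point the post describes.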

[Image of Multi-factor authentication process]

Do not underestimate the flow-on effect of a hack of your organisation's IT systems. Consider not just the direct loss of business that would occur but also the effect on the wider community if you were involved in a cyberattack. The Colonial Pipeline hack lessons show us that a digital breach can quickly become a physical and social crisis.

Furthermore, it was reported that Colonial Pipeline paid nearly USD $5,000,000 in ransom to regain access, only to find that the decryption tools provided by the hackers ran so slowly that the company had to rely on its own backups anyway. This is another of the critical Colonial Pipeline hack lessons: paying the ransom is never a guaranteed or efficient fix.

If you’d like to discuss these concepts further, let us know. We’d be very happy to help you better protect your network environment by applying these Colonial Pipeline hack lessons to your specific business needs.

Orro’s team of certified professionals are here to help.

Don’t wait for a breach to find your vulnerabilities. Get in touch today to see how we can secure your network using the latest industry standards and Colonial Pipeline hack lessons.

Get in touch with the Orro team today.
