Colonial Pipeline CEO: Ransomware Attack Started via Pilfered Legacy VPN Account

Published: 23/11/2024   Category: security




No multifactor authentication was attached to the stolen VPN password used by the attackers, Colonial Pipeline president & CEO Joseph Blount told a Senate committee today.



The recent ransomware attack that ultimately disrupted gasoline supply in parts of the Southeast last month started with the attackers somehow getting the password to an old VPN account, said the president and CEO of Colonial Pipeline in testimony today to the Senate Committee on Homeland Security and Governmental Affairs.
"In the case of this particular legacy VPN, it only had single-factor authentication," Joe Blount told the committee. "It was a complicated password — I want to be clear on that. It was not a Colonial123-type password."
He confirmed that the VPN was not protected with multifactor authentication and that the company still does not know how the attackers were able to access the account.
"Although the investigation is ongoing, we believe the attacker exploited a legacy virtual private network (VPN) profile that was not intended to be in use. We are still trying to determine how the attackers gained the needed credentials to exploit it. We have worked with our third-party experts to resolve and remediate this issue; we have shut down the legacy VPN profile, and we have implemented additional layers of protection across our enterprise," Blount said in his testimony.
The company first discovered a ransom note on its IT network at 5:00 a.m. Eastern time on May 7, which led to the decision to shut down pipeline operations to keep the malware from reaching the industrial network, he said.
In a surprising turn of events, the Department of Justice yesterday said it had seized 63.7 bitcoins — valued at $2.3 million — of the total ransom the gas company paid to the so-called DarkSide gang behind the ransomware attack to decrypt the locked IT systems.