Security News > 2021 > June > Hackers Breached Colonial Pipeline Using Compromised VPN Password
The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator's network using a compromised virtual private network account password, the latest investigation into the incident has revealed.
The VPN login was unused but active at the time of the attack, the report said, adding the password has since been discovered inside a batch of leaked passwords on the dark web, suggesting that an employee of the company may have reused the same password on another account that was previously breached.
The FireEye-owned subsidiary is currently assisting Colonial Pipeline with the incident response efforts following a ransomware attack on May 7 that led to the company halting its operations for nearly a week.
DarkSide, the cybercrime syndicate behind the attack, has since disbanded, but not before stealing nearly 100 gigabytes of data from Colonial Pipeline in an act of double extortion, forcing the company to pay a $4.4 million ransom shortly after the hack to avoid disclosure of sensitive information.
The Colonial Pipeline incident has also prompted the U.S. Transportation Security Administration to issue a security directive on May 28 requiring pipeline operators to report cyberattacks to the Cybersecurity and Infrastructure Security Agency within 12 hours, in addition to mandating that facilities submit a vulnerability assessment identifying any gaps in their existing practices within 30 days.
The disruptive power of the ransomware pandemic has also set in motion a series of actions, with the U.S. Federal Bureau of Investigation making the longstanding problem a "top priority." The Justice Department said it's elevating investigations of ransomware attacks to a similar priority as terrorism, according to a report from Reuters last week.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/fP-z9gej5ZA/hackers-breached-colonial-pipeline.html