Breached account led to Colonial Pipeline shutdown, cybersecurity firm says

The hackers got the password and the username, and the network did not require multifactor authentication

Hackers accessing a remote account with a single password were able to interrupt operations at Colonial Pipeline, one of the largest pipeline systems for refined oil products in the U.S., a cybersecurity expert says.

Criminals used a virtual private network account to access the company’s systems, Mandiant senior vice president Charles Carmakal told Bloomberg – and FOX Business confirmed with the company. The account was used to access the company’s systems on April 29.

The password to the account was discovered alongside other leaked data on the dark web, the company said, though it is not clear how hackers obtained the password or the username. 

Carmakal, who helped Colonial Pipeline with its response to the attack, said that the company’s network did not require multifactor authentication. 

After tracking the criminals’ movements within the system, executives at Mandiant believe the hackers did not reach other operating systems, including those that control the flow of fuel.

COLONIAL PIPELINE CEO TELLS WHY HE PAID HACKERS A $4.4M RANSOM

The pipeline was shut down on May 7, crippling supply to East Coast retailers, some of which rely heavily on Colonial Pipeline’s fuel. The company says it provides roughly half of fuel supplies for the East Coast.

The company paid $4.4 million in ransom to the hackers, who are believed to belong to the DarkSide criminal enterprise, which is likely based in Russia.

It took nearly a week for pipeline operations to fully resume, during which time some regions in the U.S. experienced fuel shortages, and the price of gasoline climbed.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Congress is expected to hold a hearing featuring Colonial Pipeline CEO Joseph Blount next week. The company has come under criticism from lawmakers who believe firms should not pay ransom to free their systems.

Earlier this week, the world’s largest meatpacker JBS suspended operations after it suffered a ransomware attack, which is believed to be linked to a group in Russia.

Load more..