It has been reported that the Pipeline hack that took down the largest fuel pipeline in the United States and led to fuel shortages across the whole of the East Coast was the result of a single compromised password that was leaked on the Dark Web through a data breach.
On April 29th 2021, hackers gained access to the network of Colonial Pipeline Co. via a Virtual Private Network (VPN) connection that allowed the hacker remote access to the corporate network. It is reported that the VPN did not require Multi-Factor Authentication (MFA) but instead relied solely on a username and password combination to gain access.
Adding to this issue is the fact that it has been revealed that the user credentials used for the attack were discovered inside a batch of leaked passwords that were readily available via the Dark Web.
It is well documented what massively negative effect the network breach had on both the company and also its ability so supply fuel to the East Coast of the USA.
The first issue here is the lack of Multi-Factor Authentication (MFA) on the VPN. Never, ever have a public-facing system such as a VPN without using MFA. If you do, you are welcoming an attack as a simple username and password combination is all that is between the outside world and your corporate network! You are solely at the mercy of your password policy and lockout thresholds and theoretically handing the keys to the castle to your users to ensure they follow the guidelines!
Pentest People offer a full VPN Configuration Service that would have picked up this issue along with many others for common configuration errors for all major VPN technologies.
The second issue is the availability of leaked credentials on the Dark Web. The Dark Web has quickly become the go-to place where cybercriminals exchange stolen data such as user credentials, personal information, credit/debit cards, and much more.
Pentest People have released an innovative Dark Web Monitoring Service as a way to offer customers peace of mind that any mention of their brand or specific data assets have not been compromised in a data breach and are not readily available on the Dark Web.
If you are not proactively scanning the Dark Web for references to your brand and data assets then you are leaving yourself open to the ramifications of a serious data breach without your knowledge.
So, in conclusion, it would appear that Colonial Pipeline Co. has fallen foul to quite a simple attack that was totally preventable by ensuring some simple configuration standards had been followed along with using a Dark Web Scanning service similar to that offered by Pentest People.