Is the hacking of critical infrastructure like the Colonial Pipeline a sign of the times, or is it the final warning of even more insidious ransomware attacks on the way?
The answer depends on who you ask because cybersecurity pros have sounded the alarm about the proliferation of ransomware for years.
Only now, it's a much easier sell after such a high-profile incident that propagated panic buying and gas shortages throughout the southeastern United States.
Still, how exactly did the hackers pull off such a brazen – if ultimately unsuccessful – cyberattack?
Unfortunately, the root of the problem is the same one that keeps surfacing: stolen passwords up for sale on the dark web, a readily preventable risk.
Did the Colonial Pipeline hackers get lucky?
First of all, to understand how the hack occurred, you should get the facts straight.
While the Russian-speaking cybergang Dark Side has received the lion's share of the publicity, they weren't the principal threat actors in this case.
Whoever struck the Colonial Pipeline simply used Dark Side's nasty ransomware-as-a-service platform to pull off the heist. For their part, Dark Side allegedly only received a percentage of the total ransom in question.
So, how did the actual hackers who infiltrated the Colonial Pipeline's network gain access?
The answer is fiendishly simple: a VPN password "found" on the dark web, not just any old email password. The hackers got their hands on sensitive VPN credentials, and they were on their way.
The final insult was that the VPN account didn't even have two-factor authentication enabled.
Still, the VPN connection into the Colonial Pipeline's network remained active even though the employee was no longer using the account. Whether it was a former employee or a current one, the result is the same: a severe compromise of administrator-level credentials.
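The combination described above (an account that can reach the VPN, has no second factor, and has sat unused for weeks) is exactly what a periodic account review should flag. The audit below is an added example written for this post, not code from Blueteam Networks or from the incident response; the account inventory is constructed, and the `Account` fields and the 60-day dormancy window are assumptions you would adapt to your own directory and VPN exports.

```python
from dataclasses import dataclass
from datetime import date

# Constructed inventory record; real data would come from your directory/VPN export.
@dataclass
class Account:
    user: str
    active: bool          # account is enabled in the directory
    vpn_enabled: bool     # account is a member of the VPN access group
    mfa_enabled: bool     # a second factor is enrolled and enforced
    last_login: date      # most recent successful VPN or directory logon

DORMANT_DAYS = 60  # assumed threshold; tune to your joiner/leaver process


def risky_vpn_accounts(accounts, today, dormant_days=DORMANT_DAYS):
    """Return (user, reasons) for every enabled, VPN-capable account that is
    missing MFA and/or has not logged in within `dormant_days`.

    Disabled accounts and accounts without VPN access are skipped: the risk
    in the Colonial Pipeline case was a live VPN path, not a stale record.
    """
    findings = []
    for a in accounts:
        if not a.active or not a.vpn_enabled:
            continue
        reasons = []
        if not a.mfa_enabled:
            reasons.append("no_mfa")
        if (today - a.last_login).days > dormant_days:
            reasons.append("dormant")
        if reasons:
            findings.append((a.user, reasons))
    # Worst first: accounts with both findings are the ones to disable today.
    findings.sort(key=lambda f: (-len(f[1]), f[0]))
    return findings


# Constructed sample data for a run as of 2021-05-07.
AS_OF = date(2021, 5, 7)
SAMPLE_ACCOUNTS = [
    Account("j.smith", True, True, True, date(2021, 5, 6)),    # healthy
    Account("old.contractor", True, True, False, date(2021, 1, 15)),  # both
    Account("svc-backup", True, True, False, date(2021, 5, 1)),  # no MFA only
    Account("a.jones", True, False, False, date(2020, 9, 1)),  # no VPN path
    Account("left.company", False, True, False, date(2020, 3, 3)),  # disabled
]

if __name__ == "__main__":
    for user, reasons in risky_vpn_accounts(SAMPLE_ACCOUNTS, AS_OF):
        print(f"{user}: {', '.join(reasons)}")
```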
So, did the hackers get greedy?
Whether the password was weak or stolen, the hackers gained a foothold in critical infrastructure. They were able to move laterally, yet they didn't penetrate more critical operations, such as the flow of gasoline through the pipeline.
Interestingly, the cybercriminals essentially attempted a double-extortion that included stealing data and threatening to release it on the web if the ransom wasn't paid soon.
But the question is: did the hackers do the worst they could do, or did they miss an opportunity? They remained undetected once inside the network, but they apparently chose to spring their ransom scheme early rather than wait.
In short, the Colonial Pipeline got lucky the hackers weren't there to cause mayhem and havoc because they did, indeed, have that opening.
Will the next ransomware attackers be so antsy and sloppy? No one knows for sure, which is why this incident should be the final wake-up call.
What comes next with ransomware prevention?
Overall, the Colonial Pipeline hack highlights how dangerous relaxed password security is. Creating a strong password is one thing; preventing it from reaching the dark web is another matter entirely.
The Colonial Pipeline hackers didn't necessarily pull off an extraordinary, super-sophisticated attack; they found the proper credentials and simply used them.
The good news is that policymakers and cybersecurity pros alike seemed united in their response, so moving forward, we'll see how officials can mitigate attacks.
Notwithstanding those underlying efforts, the proliferation of ransomware won't slow down anytime soon without further awareness of cybersecurity, especially with respect to something as elementary as password security.
Blueteam Networks conducts free dark web scan checks for small to medium-sized businesses. Our dark web scan checks for your information among lists of stolen data, usually from data breaches. No dark web scan can cover the full amount of stolen information residing on the dark web, but it is a good place to start to find out if your data has been compromised.
The best defense is a good offense! That's why Blueteam Networks offers our customers Dark Web Monitoring with any of our Blueteam 360 managed IT service plans.