Breached Colonial VPN password was complex, but reused
Colonial Pipeline had some poor password practices, congressional hearing reveals
The compromised VPN password that allowed DarkSide operators to get into Colonial Pipeline’s network had been reused on multiple websites, according to new insights into the attack.
The revelation was made by Charles Carmakal, senior vice president and CTO at Mandiant, the incident response division of cybersecurity firm FireEye, which has been brought in to assist with the investigation into Colonial’s ransomware attack.
Carmakal further shared that the password was “relatively complex… in terms of length, special characters and case set” as he addressed a House Committee on Homeland Security hearing on the cyberattack, together with Colonial Pipeline’s CEO, Joseph Blount.
Mandiant had earlier shared that, with the password in hand, the Colonial attackers would have faced little resistance logging into the network, because the VPN account did not require multi-factor authentication (MFA).
Password hygiene
Security experts have reiterated that a password on its own no longer counts as an effective defence against break-ins, and is of little use without an additional layer of security such as MFA.
“Even the strongest, most complex passwords can be found living on the dark web, and without MFA these attacks will continue to occur,” Patrick Tiquet, VP of Security at Keeper Security, tells TechRadar Pro.
He further adds that liability, whether in the form of a reused password or a former employee retaining account access after leaving the company, is around every corner, and that “proper password hygiene is paramount in eliminating occurrences of attacks” like Colonial’s.
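The point Tiquet and Carmakal are making is that a complexity policy and a breach check answer different questions: a long, mixed-character password passes the first and can still fail the second. The script below, added here as an illustration and not code from the article, Mandiant or Keeper Security, runs a candidate password through both. The breach check follows the k-anonymity scheme used by the Pwned Passwords range API (only the first five hex characters of the SHA-1 leave the host; the suffix is matched locally), but the breach corpus and the range responses are constructed inline so the example runs offline. In production `fetch_range` would perform an HTTPS GET of `https://api.pwnedpasswords.com/range/<prefix>` instead of reading the simulated table; none of the sample passwords are real leaked credentials.

```python
import hashlib
import re

# Constructed sample of leaked plaintext credentials standing in for a
# breach corpus. These strings are invented for this example; none are
# known to come from the Colonial Pipeline incident or any real breach.
CONSTRUCTED_BREACH_CORPUS = [
    "password123",
    "Tr0ub4dor&3",
    "Sh0reline!Valve2021",   # 19 chars, four character classes: "complex", but leaked
    "letmein",
]


def sha1_hex_upper(password: str) -> str:
    """SHA-1 hex digest, upper case, the form used by the Pwned Passwords range endpoint."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_responses(plaintexts):
    """Simulate the k-anonymity service: map each 5-hex-char prefix to the
    text body the service would return, one 'SUFFIX:COUNT' line per hash."""
    buckets = {}
    for pw in plaintexts:
        h = sha1_hex_upper(pw)
        buckets.setdefault(h[:5], []).append(f"{h[5:]}:1")
    return {prefix: "\r\n".join(lines) for prefix, lines in buckets.items()}


# Hypothetical stand-in for the live API, built from the constructed corpus.
SIMULATED_RANGE_SERVICE = build_range_responses(CONSTRUCTED_BREACH_CORPUS)


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; blank lines are skipped."""
    result = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        result[suffix.upper()] = int(count)
    return result


def pwned_count(password: str, fetch_range=None) -> int:
    """Check a password against the breach index without disclosing it:
    only the first five hex characters of its SHA-1 are sent to the range
    lookup; the remaining 35 are compared locally against the returned list."""
    fetch = fetch_range or (lambda prefix: SIMULATED_RANGE_SERVICE.get(prefix, ""))
    h = sha1_hex_upper(password)
    prefix, suffix = h[:5], h[5:]
    return parse_range_response(fetch(prefix)).get(suffix, 0)


def meets_complexity_policy(password: str, min_len: int = 12) -> bool:
    """A typical corporate rule: minimum length and at least three of four
    character classes (lower, upper, digit, symbol)."""
    classes = sum(
        1 for pattern in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
        if re.search(pattern, password)
    )
    return len(password) >= min_len and classes >= 3


def evaluate_password(password: str) -> dict:
    """Combine both checks: a password is acceptable only if it satisfies the
    complexity policy AND is absent from the breach index."""
    complex_ok = meets_complexity_policy(password)
    breached = pwned_count(password) > 0
    return {"complex": complex_ok, "breached": breached, "acceptable": complex_ok and not breached}


if __name__ == "__main__":
    for candidate in ("Sh0reline!Valve2021", "hunter2", "correct-horse-battery-staple-42"):
        print(f"{candidate!r}: {evaluate_password(candidate)}")
```

Running it shows the leaked sample passing the complexity policy yet being rejected, a short password failing on complexity alone, and a long passphrase not present in the corpus being accepted. Either check on its own would have let the first one through, which is why a breach lookup at password-set time, plus MFA at login, is the combination practitioners recommend.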
From a wider perspective, Tiquet believes that while the new ransomware guidance from the Cybersecurity and Infrastructure Security Agency (CISA) helps businesses respond to a ransomware attack, their focus should still be on proactive protection.
“Additional effective preventative measures include disabling unnecessary access, isolating networks, keeping current on patches, enforcing least-privileges, and maintaining offline backups of important data,” says Tiquet, listing some of the best practices that businesses should adopt to shield themselves from such attacks.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.