TECHNOLOGY
COLONIAL PIPELINE HACKED WITH
SINGLE PASSWORD
The cyberattack shut down 5,500 miles of pipeline and cost the company nearly $ 5 million to regain access to its systems .
By : Annemarie McPherson
AGENTS COUNCIL FOR TECHNOLOGY .
Check out these member resources :
• Agency Cyber Guide 3.0
• Agency Cyber-Readiness Self-Assessment
• Customer Experience Self-Assessment Visit independentagent . com / ACT to learn more !
The hackers who launched last month ' s cyberattack against Colonial Pipeline and disrupted fuel supplies to the Southeast U . S . were able to get into the system by stealing a single password , Joseph Blount , Colonial Pipeline CEO , told the U . S . Senate .
Blount testified before a U . S . Senate committee that the attack occurred using a legacy Virtual Private Network ( VPN ) system that did not have multi-factor authentication , meaning it could be accessed through a password without a second step , such as a text message .
“ In the case of this particular legacy VPN , it only had singlefactor authentication ," Blount said . “ It was a complicated password ; I want to be clear on that . It was not a Colonial123-type password ."
The Senate panel was convened to examine threats to critical U . S . infrastructure and the Colonial attack , which shut key conduits delivering fuel from Gulf Coast refineries to major East Coast markets .
After learning it was the victim of a cyberattack on May 7 , 2021 , Colonial Pipeline shut down 5,500 miles of pipeline . It paid the hackers 75 Bitcoin — nearly $ 5 million — to regain access to its systems . The FBI has attributed the hack to a gang called DarkSide , which issued a veiled apology for its impact after the hack .
On Monday , the U . S . Justice Department announced it had recovered $ 2.3 million of the cryptocurrency ransom . Even after regaining access to their systems , the company is still recovering from the attack and is bringing back
19