Colonial Pipeline ransomware attack linked to a single VPN login


Last month’s oil pipeline ransomware incident that spurred fuel shortages/hoarding and a $4.4 payout to the attackers has apparently been traced back to an unused but still active VPN login. Mandiant exec Charles Carmakal told Bloomberg that their analysis of the attack found that the suspicious activity on Colonial Pipeline’s network started April 29th.

While they couldn’t confirm exactly how the attackers got the login, there apparently isn’t any evidence of phishing techniques, sophisticated or otherwise. What they did find is that the employee’s password was present in a dump of logins shared on the dark web, so if it was reused and the attackers matched it up with a username, that could be the answer to how they got in.

Then, a little more than a week later, a ransom message popped up on Colonial Pipeline’s computer screens and staff started shutting down operations. While this is just one in a never-ending string of similar incidents, the impact of the shutdown was great enough that Colonial Pipeline’s CEO is scheduled to testify in front of congressional committees next week, and the DoJ has centralized ransomware responses in a manner similar to the way it deals with terrorism cases.
