The compromised VPN password that allowed DarkSide operators to get into Colonial Pipeline’s network had been used on multiple websites, according to new insights into the attack.
The revelation was made by Charles Carmakal, senior vice president and CTO at Mandiant, which is the incident response division of cybersecurity firm FireEye that has been roped in to assist with the investigation into Colonial’s ransomware attack.
Carmakal further shared that the password was “relatively complex….in terms of length, special characters and case set” as he addressed a House Committee on Homeland Security hearing on the cyberattack, together with Colonial Pipeline’s CEO, Joseph Blount.
Mandiant had earlier shared that, equipped with the password, the Colonial attackers wouldn’t have faced much resistance logging into the network, as the VPN account didn’t use multi-factor authentication (MFA).
Security experts have reiterated that relying on passwords alone no longer counts as an effective strategy to prevent break-ins, and that passwords are pretty much useless without the additional layer of security that MFA provides.
“Even the strongest, most complex passwords can be found living on the dark web, and without MFA these attacks will continue to occur,” Patrick Tiquet, VP of Security at Keeper Security, tells TechRadar Pro.
He further adds that liability, either in the form of a duplicated password or a former employee maintaining account access after departing the company, is around every corner, and that “proper password hygiene is paramount in eliminating occurrences of attacks” like Colonial’s.
From a wider perspective, Tiquet believes that while the new ransomware guidance of the Cybersecurity and Infrastructure Security Agency (CISA) helps businesses respond to a ransomware attack, their focus should still be on proactive protection.
“Additional effective preventative measures include disabling unnecessary access, isolating networks, keeping current on patches, enforcing least-privileges, and maintaining offline backups of important data,” says Tiquet, listing some of the best practices that businesses should adopt to shield themselves from such attacks.