Compromised Password, Lack of Two Factor Authentication Led to Colonial Pipeline Attack, Mandiant
FBI probes 100 types of ransomware, Severe VMware vulnerability under active exploitation, Latvian woman charged in Trickbot indictment, Colonial Pipeline attack spurs new phishing campaign, more
Charles Carmakal, senior vice president at cybersecurity firm Mandiant, soon to be spun off from its parent company FireEye, said that the ransomware attack on the Colonial Pipeline company was the result of a single compromised password for a virtual private network that gave employees the ability to access the company’s network remotely.
The appearance of the password in a cache of leaked passwords suggests an employee reused it on other sites, a fundamental cybersecurity error. Moreover, the VPN did not use two-factor authentication, another fundamental violation of cybersecurity hygiene. (William Turton, Kartikay Mehrotra / Bloomberg)
Related: CRN, CNN.com - Politics, Engadget, DataBreaches.net, Slashdot
In a sign of increased, high-level government focus on ransomware threats, FBI Director Christopher Wray said the agency was investigating about …