Dissecting the Colonial Pipeline Attack: Illustrating the Weakness of Traditional Cybersecurity Methods

On May 7, 2021, a ransomware attack on Colonial Pipeline forced the shutdown of the East Coast’s largest fuel pipeline, disrupting gasoline supplies for several days. Cyberattacks have become increasingly common, and this breach highlighted how exposed the country’s critical infrastructure is.

While details of how the attackers gained access to Colonial’s network have not been made public, it has been reported that the cybercriminal gang DarkSide stole nearly 100 gigabytes of data before Colonial’s computers were secured. Colonial was then threatened on two fronts: the stolen data would be leaked to the internet, and the files the attackers had encrypted on computers inside the network would stay locked, unless it paid a ransom.

Ransomware encrypts an organization’s files so that it is locked out of its own systems until a ransom is paid. These attacks have hit everything from private businesses to government agencies to hospitals and health care systems. All of them can suffer drastic effects, but critical infrastructure is emerging as one of the most vulnerable targets, and one of the most financially damaged when it is hit, whether by criminal groups or by governments.

DarkSide runs what is effectively a "ransomware-as-a-service" business: it develops the tooling, and criminal "affiliates" carry out the attacks, in which an organization’s data is stolen and its computers are locked, so the victim must pay both to regain access to its network and to prevent the release of sensitive information.

The attack is the latest in a series of cybersecurity issues confronting President Biden’s administration. To that end, last week President Biden signed an Executive Order (EO 14028, “Improving the Nation’s Cybersecurity”) to strengthen the country’s defenses, in hopes of reducing the number of attacks on the scale of Colonial Pipeline, SolarWinds and Microsoft Exchange. The order calls for the federal government and the private sector to partner to confront “persistent and increasingly sophisticated malicious cyber campaigns” that threaten U.S. security. It also mandates several steps to modernize the national cybersecurity posture, including a 180-day deadline for federal agencies to adopt multi-factor authentication (MFA) and encryption of data at rest and in transit.

Given all these developments, how can the companies responsible for our critical infrastructure prevent these attacks? One major step is to replace legacy security controls with ones that are stronger, that meet the guidelines of the Executive Order, and that are flexible enough to fit their specific needs. This includes:

Update and Advance Password-based Security

The 2021 Verizon Data Breach Investigations Report found that 61% of breaches involved credential data such as leaked, stolen or easy-to-guess passwords.

People are password fatigued, overwhelmed by having to manage around 100 passwords on average, and so they reuse them at their own risk. In fact, 99% of enterprise users reuse passwords across their accounts, which means a single cracked or leaked password can be replayed against many other accounts, the technique known as credential stuffing.

Despite this, many of our country’s critical infrastructure organizations still rely on outdated security protocols, including password-only protection. Some have adopted one-time passwords delivered by hardware tokens or printed code sheets; these are an improvement, but they are inconvenient, and a lost or stolen token locks the legitimate user out until it is replaced. Furthermore, like a traditional password, a token or printed code can be handed to anyone, so the organization still cannot be sure who is actually accessing its data.


Adopt Multi-factor Authentication (MFA) Methods

MFA requires end users to present two or more independent verification factors, adding a layer of security on top of a single factor such as a password. The factors fall into three categories: something you know (a password or PIN), something you have (a phone, a hardware token or a chip card) and something you are (a biometric). Combining a password with a PIN is not MFA, because both are things the user knows and both can be phished or leaked the same way; the second factor has to come from a different category. For the strongest assurance, organizations can add biometrics, which identify the person accessing the data by what they “are”, such as a fingerprint, retina, palm or voice. Beyond the security it adds, the practical benefit of biometrics is ease of use: end users need not carry or remember anything except themselves.
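To make the "something you know plus something you have" check concrete, here is an added example of a two-factor login verifier. It is not code from BIO-key or from the original post, and the page names no particular OTP algorithm; this example uses a PBKDF2-hashed password as the knowledge factor and an RFC 6238 time-based one-time password (the algorithm behind most hardware and mobile OTP tokens) as the possession factor. It also enforces the two properties the section above cares about: a one-time code is never accepted twice, and repeated failures lock the account. The `Account`, `enroll` and `verify_login` names are hypothetical, and the TOTP secret is the published RFC 6238 test secret so the codes can be checked against the RFC's own test vectors.

```python
"""Two-factor login check: PBKDF2 password (something you know) plus an
RFC 6238 TOTP code (something you have), with replay rejection and lockout.
Added example; not BIO-key's code. Names below are hypothetical."""
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass
from typing import Optional

TOTP_STEP = 30          # seconds per time step (RFC 6238 default)
TOTP_DIGITS = 6
TOTP_WINDOW = 1         # accept one step of clock drift either side
PBKDF2_ROUNDS = 100_000
MAX_FAILURES = 5        # lock the account after this many failed logins

# RFC 6238 Appendix B test secret (ASCII "12345678901234567890"), used here so
# the generated codes can be compared with the RFC's published test vectors.
RFC6238_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, step: int = TOTP_STEP) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, now // step)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    totp_secret: bytes
    last_counter: int = -1   # highest TOTP counter already consumed
    failures: int = 0
    locked: bool = False


def enroll(username: str, password: str, totp_secret: bytes,
           salt: Optional[bytes] = None) -> Account:
    salt = salt if salt is not None else os.urandom(16)
    return Account(username, salt, hash_password(password, salt), totp_secret)


def verify_login(acct: Account, password: str, code: str, now: int) -> bool:
    """True only if BOTH factors check out. The caller gets a single yes/no,
    so the response does not reveal which factor was wrong."""
    if acct.locked:
        return False

    # Factor 1: something you know. Constant-time compare of the derived key.
    pw_ok = hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash)

    # Factor 2: something you have. Reject malformed codes up front (non-ASCII
    # input would make compare_digest raise), then try the current step and
    # +/- TOTP_WINDOW, but never a counter at or below the last one accepted:
    # a one-time password must not be accepted twice, even inside the window.
    matched = None
    if len(code) == TOTP_DIGITS and code.isascii() and code.isdigit():
        counter = now // TOTP_STEP
        for c in range(counter - TOTP_WINDOW, counter + TOTP_WINDOW + 1):
            if c > acct.last_counter and hmac.compare_digest(hotp(acct.totp_secret, c), code):
                matched = c
                break

    if pw_ok and matched is not None:
        acct.last_counter = matched
        acct.failures = 0
        return True

    acct.failures += 1
    if acct.failures >= MAX_FAILURES:
        acct.locked = True   # throttles both password guessing and OTP brute force
    return False


if __name__ == "__main__":
    alice = enroll("alice", "correct horse battery staple", RFC6238_SECRET)
    t = 1234567890                       # one of the RFC 6238 sample times
    code = totp(RFC6238_SECRET, t)       # what alice's token would display
    print("login with both factors:", verify_login(alice, "correct horse battery staple", code, t))
    print("same code replayed:     ", verify_login(alice, "correct horse battery staple", code, t))
```

Two design points are worth noting. Both factors are evaluated before any decision is made and the caller only learns pass or fail, so an attacker holding a stolen password cannot use the login response to confirm it. And the `last_counter` bookkeeping is what makes the password genuinely one-time: without it, a code captured over the shoulder or by phishing stays valid for the whole drift window.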

Identity-Bound Biometrics (IBB) is a form of biometric authentication designed for remote workforces, third-party access, customer IAM (CIAM) and passwordless workflows. Unlike biometric methods that are bound to a particular device (a phone or computer), IBB binds the biometric permanently to the user’s digital identity rather than to the hardware, giving critical infrastructure organizations greater confidence that their data and production are protected from threats, and offering high levels of integrity, accuracy, security and availability.

Colonial Pipeline was neither the first nor the last critical infrastructure company to be targeted, and other organizations should take particular note of this attack to understand how vulnerable their own systems can be. The recent Executive Order on cybersecurity urges organizations to adopt more advanced security features, including MFA. Each form of authentication, whether passwords, tokens, mobile authenticators or biometrics, has its benefits, but a holistic and flexible approach is the best way to ensure data remains safe.

Learn more about how multi-factor authentication approaches differ from more traditional methods and how MobileAuth can support you today.

Tags: MFA, Multi-Factor Authentication, passwordless, multi-factor

Author: BIO-key Team