How a Cyber Attack Compromised the Colonial Pipeline

On April 29th, 2021, hackers gained access to the largest fuel pipeline in the US. The attack on the Colonial Pipeline resulted from a single compromised password for an account that was no longer in use but still had access to Colonial's systems.

There was no evidence of any cybercriminal activity before April 29th, and the attack was not noticed until over a week later, at 5 am on May 7th, 2021, when an employee saw a ransom note demanding cryptocurrency appear on a computer.

The cybercriminals behind this attack have also claimed responsibility for three other attacks, including a Brazilian battery firm, a Chicago-based tech company, and a British engineering firm. 

While these claims have yet to be confirmed, companies respond to such threats by working closely with IT security firms, for example by engaging a cybersecurity company in Houston to strengthen their IT security.

How Exactly Did The Hack on the Colonial Pipeline Occur?

According to an analysis of the Colonial Pipeline cyberattack, the hackers were able to access the company's network using a compromised VPN password. Charles Carmakal, senior vice president at the cybersecurity firm Mandiant, part of FireEye Inc, explained that the VPN allowed employees to access the company's computer network remotely.

Although exactly how the hackers gained access is still up for debate, it is thought that a Colonial employee may have reused the password from a previously breached account. The password for the account was later discovered in a batch of leaked passwords on the dark web.
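The two conditions described above, a dormant account that still holds VPN entitlement and a password that appears in a leaked batch, are exactly what a periodic account audit should catch. The following is an added example, not code from the article or from Colonial or Mandiant; the account export, the leaked-password list, the `vpn-users` group name and the 90-day dormancy threshold are all constructed assumptions. The breach check indexes hashes by 5-character prefix, the same k-anonymity shape used by range-query breach services, so a lookup never has to reveal the full hash.

```python
import hashlib
from collections import defaultdict
from datetime import date

DORMANT_DAYS = 90          # assumed policy threshold, not a figure from the article
VPN_GROUP = "vpn-users"    # assumed remote-access group name
AS_OF = date(2021, 4, 29)  # audit date used by the demo below


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed account export: user, last interactive login, groups, SHA-1 of password.
ACCOUNTS = [
    {"user": "ops.active", "last_login": date(2021, 4, 28),
     "groups": {VPN_GROUP, "ops"}, "pw_sha1": sha1_hex("Tr0ub4dor&3-unique")},
    {"user": "contractor.old", "last_login": date(2020, 11, 2),
     "groups": {VPN_GROUP}, "pw_sha1": sha1_hex("Summer2020!")},
    {"user": "hr.clerk", "last_login": date(2021, 4, 1),
     "groups": {"hr"}, "pw_sha1": sha1_hex("Summer2020!")},
    {"user": "svc.backup", "last_login": date(2020, 12, 15),
     "groups": {"backup"}, "pw_sha1": sha1_hex("x9!Lq#2vRt")},
]

# Constructed "leaked batch", indexed as prefix -> set of suffixes (k-anonymity style).
LEAKED_PASSWORDS = ["Summer2020!", "Welcome1", "password"]


def build_range_index(passwords):
    index = defaultdict(set)
    for h in map(sha1_hex, passwords):
        index[h[:5]].add(h[5:])
    return index


RANGE_INDEX = build_range_index(LEAKED_PASSWORDS)


def is_leaked(pw_sha1: str, index=RANGE_INDEX) -> bool:
    # Only the 5-char prefix selects a bucket; the suffix is compared locally.
    return pw_sha1[5:] in index.get(pw_sha1[:5], set())


def dormant_vpn_accounts(accounts, today=AS_OF, dormant_days=DORMANT_DAYS):
    """Accounts still entitled to remote access with no login inside the threshold."""
    return sorted(a["user"] for a in accounts
                  if VPN_GROUP in a["groups"]
                  and (today - a["last_login"]).days > dormant_days)


def leaked_password_accounts(accounts, index=RANGE_INDEX):
    return sorted(a["user"] for a in accounts if is_leaked(a["pw_sha1"], index))


def high_risk(accounts, today=AS_OF):
    """Dormant, VPN-entitled and using a leaked password: the combination described above."""
    return sorted(set(dormant_vpn_accounts(accounts, today)) & set(leaked_password_accounts(accounts)))


if __name__ == "__main__":
    print("dormant VPN accounts:", dormant_vpn_accounts(ACCOUNTS))
    print("leaked passwords:    ", leaked_password_accounts(ACCOUNTS))
    print("high risk:           ", high_risk(ACCOUNTS))
```

Accounts in the high-risk set should be disabled and have their VPN entitlement removed rather than merely reset, since a reset leaves a dormant, forgotten account in place.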

Colonial Pipeline does not intend to pay the ransom demanded by the hackers who encrypted their data, according to sources familiar with the company’s response. Instead, the company is collaborating with law enforcement and the cybersecurity firm FireEye in the United States to mitigate the damage and restore operations.

The Repercussions of The Colonial Pipeline Hack

When the hack was discovered, the employee alerted an operations supervisor, and the process of shutting down the pipeline began. The pipeline was completely shut down by 6 am.

This was the first time in 57 years that the entire gasoline pipeline had been shut down, and it caused panic among consumers who were unsure how the shutdown would affect them. The outage led to long lines at gas stations, many of which ran out of fuel, and to higher fuel prices.

The pipeline was subsequently checked for any damage, and service was restored on May 12th, 2021. Meanwhile, Mandiant was sweeping the network to determine how far the hackers had penetrated, while installing new detection tools that would alert Colonial to any follow-on attacks, which are not uncommon after a significant breach, according to Carmakal. Investigators have found no evidence that the same group of hackers attempted to regain access.

In response to the hack, the Transportation Security Administration implemented a new policy requiring pipeline operators to notify the government of cyberattacks within 12 hours.

On June 9th, Colonial Pipeline CEO Joseph Blount will testify before the House Committee on Homeland Security.