Colonial Pipeline ransomware attack linked to a single VPN login


Last month's oil pipeline ransomware incident that spurred fuel shortages/hoarding and a $4.4 million payout to the attackers has apparently been traced back to an unused but still active VPN login. Mandiant exec Charles Carmakal told Bloomberg that their analysis of the attack found that the suspicious activity on Colonial Pipeline's network started April 29th.

While they couldn't confirm exactly how the attackers got the login, there apparently isn't any evidence of phishing techniques, sophisticated or otherwise. What they did find is that the employee's password was present in a dump of logins shared on the dark web, so if it was reused and the attackers matched it up with a username, that could be the answer to how they got in.

Then, a little more than a week later, a ransom message popped up on Colonial Pipeline's computer screens and staff started shutting down operations. While this is just one in a never-ending string of similar incidents, the impact of the shutdown was great enough that Colonial Pipeline's CEO is scheduled to testify in front of congressional committees next week, and the DoJ has centralized ransomware responses in a manner similar to the way it deals with terrorism cases.
