Security experts have found the reason why Colonial Pipeline was hacked. They claimed that the company was breached through a compromised password.
Many companies have previously been hacked by various groups of cybercriminals and other online attackers. Now Colonial Pipeline, one of the largest pipeline operators, has joined the list of victims. This is a serious matter, since many malicious actors are working on ways to breach large companies, tech firms, and even government agencies.
The involved attackers gained access to Colonial Pipeline’s computer networks in April using a compromised password, according to the company and a cybersecurity firm it hired, leading to the deliberate shutdown of one of America’s most important fuel distribution companies and the panic gas buying that ensued for days.
The password had been linked to a disused virtual private networking account used for remote access. FireEye confirmed that the account was not guarded by an extra layer of security known as multi-factor authentication. However, experts said that it is still unclear how the Colonial Pipeline hackers obtained the compromised credential. But the revelation about how hackers could force a critical supply chain company to its knees with something so simple underscores the grave risks posed not only by opportunistic cybercriminals but also by the lax digital hygiene of some major US businesses.
Meanwhile, various U.S. authorities claimed that those who attacked Colonial Pipeline are connected to DarkSide, a hacking group that emerged last summer offering ransomware as a service. Like many other ransomware groups, DarkSide has targeted large, cash-rich organizations, holding compromised networks hostage until the victims pay a fee. In the case of Colonial, Blount has said he authorized a ransom payment of $4.4 million.
Since the massive Colonial Pipeline hack happened because of a compromised password, here are some tricks that could help you create a strong password for your personal account and even for your company’s system.
Creating a Strong Password
At the moment, various companies are being targeted by different ransomware operators. Because of this, some security researchers and critics are suggesting that tech firms and other businesses should now focus their attention on creating strong passwords.
Here are some tricks you can use to make a password that can't easily be breached by ransomware attackers:
- The longer the password, the more secure it is. The length of a password matters more to its security than its complexity. Having 14 characters in the password is a good number to start with if the online service allows for it; otherwise, you should use the maximum character length allowed on the website.
- A healthy and secure password is a complex one that should have a mix of letters (both upper and lower case), numbers, and symbols in random order. With the combination of characters and their random order, it becomes tough for hackers to crack passwords.
- Use a unique and strong password for your email service. Do not use this same password for any other online accounts you sign up for. Whenever one of your other accounts is compromised or hacked, your email account is your primary means of resetting its password, and it also contains other vital information relating to your identity. So your email account needs to be your most secure account.
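
The three tips above, put into code as an added example that is not part of the original article: it compares the search space of a long simple password with a short complex one, generates a 14-character random password, and flags short or reused passwords. All function names and the sample accounts are hypothetical and constructed for illustration; the entropy figure assumes characters are chosen uniformly at random.

```python
import math
import secrets
import string

MIN_LENGTH = 14  # starting length suggested in the list above
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def search_space_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random password (assumes random choice)."""
    return length * math.log2(alphabet_size)

def generate_password(length=MIN_LENGTH):
    """Random password over letters, digits and symbols, every class present."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def audit(passwords):
    """Map account -> list of problems; accounts with no problems are omitted."""
    findings = {}
    for account, pw in passwords.items():
        problems = []
        if len(pw) < MIN_LENGTH:
            problems.append("too short")
        if not all(any(c in cls for c in pw) for cls in CLASSES):
            problems.append("missing a character class")
        reused = sorted(a for a, p in passwords.items() if a != account and p == pw)
        if reused:
            problems.append("reused on " + ", ".join(reused))
        if problems:
            findings[account] = problems
    return findings

# Constructed sample data, not real credentials.
SAMPLE = {"email": "correct-Horse-7-battery", "vpn": "Summer2021!", "forum": "Summer2021!"}

if __name__ == "__main__":
    print(f"14 random lowercase letters: {search_space_bits(14, 26):.1f} bits")
    print(f"8 random chars, all classes: {search_space_bits(8, 94):.1f} bits")
    print(generate_password())
    print(audit(SAMPLE))
```
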