Who needs a Security Stack…?

Now that a little more time has passed since the Colonial Pipeline shutdown, we’re learning details about exactly how the attack played out. Interestingly, based on the vulnerabilities that the hackers exploited, this attack could have been prevented or interrupted by several different layers of our 2021 Security Stack. This is precisely why we deploy a “stacked” approach to security. The bad guys use constantly evolving tactics, and each new tactic demands a new countermeasure or process redesign.

On June 4, Bloomberg reported that the Colonial Pipeline breach was caused by a compromised VPN password that had been published on the Dark Web. The bad guys used that to get a foothold in the network and spread laterally, figuring out whom they’d breached and what “opportunities” lay before them. They got in on April 29, and spent a week investigating the network and exfiltrating data before they locked everything down on May 7, demanding ransom.

Here’s how our 2021 Security Stack could have prevented this catastrophe. There are several points at which it could have been stopped.

  1. Security Awareness Training – we train our security clients’ employees on best practices and hygiene, such as NOT REUSING PASSWORDS ON MULTIPLE ACCOUNTS. If this poor guy had had a unique password on his VPN, or if the company had even enforced a password change policy that expired his password after X days, this likely would not have happened.
  2. Password Manager – our security clients use a Password Manager to keep track of unique, complex passwords for all logins. Passwords stored in your web browser can be cracked. Password managers keep track of the dozens of unique passwords we all have to manage these days, and alert when passwords are reused.
  3. Dark Web Monitoring – we monitor the Dark Web for any references to our security clients’ domain (whatever.com), and alert users to change their credentials when they show up there. If discovered, this would have prompted the Colonial user to change the published password.
  4. Legacy VPN Access – our security clients use an always-on VPN on every device, which forces ALL traffic through a Security Operations Center (SOC) for monitoring, inspection, analysis, and threat response. Not only is all traffic to and from the devices encrypted for privacy, but the devices are always securely connected to the corporate network, with the 24/7/365 SOC sitting between you and the hackers.
  5. Multi-Factor Authentication (MFA / 2FA) – if the VPN had required 2FA (username, password, AND a one-time code generated on a smartphone), then this breach would not have happened. We strongly suggest and implement MFA for all security-related and Microsoft 365 credentials.
  6. Managed Response – even if the bad guys managed to get through these first 5 relevant layers of the Stack and gain a foothold on a machine, our SOC recognizes the malicious behavior with AI-driven technology and refers it to a top-tier security engineer in the SOC. The security engineer can end the threat by killing the PC process that has been exploited, or even by isolating the machine from the network entirely for reimaging.

So there you have it. There is no single magic bullet to combat these criminals and enemy nations. Virus protection and a firewall don’t do squat against the sophisticated tactics of today’s “bad actors.” Colonial Pipeline had up-to-date virus protection and a super-expensive firewall, but not having a layered, stacked approach to security cost them $17.5 Million in lost revenue ($3.5 Million per day running through the pipeline × 5 days down = $17.5 Million).

To protect our clients in 2021, it takes a multilayered stack of tools AND the brains to manage and respond to them. Unfortunately, it’s not cheap, but it’s a lot cheaper than a ransomware event, which lasts for 16 days on average. And you do not want the cheapest people trying to keep Russia, China, and organized crime out of your business.

Want to see how your network stacks up? Sign up for a free security assessment with our spokeslady for National Be Kind to Pets Month 2021, Georgia the Cyberdog, at www.sipoasis.com/georgia.