In a recent Senate hearing concerning the network security breach at Colonial Pipeline in May, the company's CEO provided additional information about the attack.
The CEO testified that Colonial's network runs on an older Virtual Private Network (VPN) system that does not allow for multi-factor authentication (MFA), so hackers were able to gain access to its network using one stolen password, one that he says was quite complex.
The hackers installed ransomware on the pipeline computer network that shut down Colonial's oil delivery channels, causing a spike in oil prices and gas shortages in local areas.
Senators expressed surprise after the CEO acknowledged that Colonial did have a network breach response plan in place but failed to adequately address prevention. The CEO stated that his firm has invested more than $200 million in its IT systems over the past five years, but a spokesman later clarified that this amount represents overall IT spending, including cybersecurity.
Although the FBI says paying ransom demands will embolden cybercriminals to escalate attacks and recommends breach victims not pay ransom, Colonial's executives ultimately chose to pay the ransom demand to regain access to its system. Source: "One password allowed hackers to disrupt Colonial Pipeline, CEO tells senators," saltwire.com (Jun. 08, 2021).