By Bahar Ferguson 

The recent cybersecurity attacks on Colonial Pipeline Co. and JBS have shocked many, and not least because both entities are not small enterprises. Colonial Pipeline Co. is the largest fuel pipeline in the U.S. and JBS is the world’s largest meat processing company, with over 66,000 employees.

The attacks affected not only operations, but large numbers of workers as well. This article will feature a brief overview, as of the time of writing this article, of what happened in both cases followed by the mistakes that the companies made and how they could have avoided these attacks.

Colonial Pipeline Co.

The hack that managed to take down the Colonial Pipeline Co. (CPC) led to fuel shortages along the East Coast of the U.S., and according to a cybersecurity consultant that helped the company by responding to the attack, was the result of a single password that was compromised.

According to Charles Carmakal, senior vice president at Mandiant (a cybersecurity firm that’s part of FireEye Inc.), CPC had a virtual private network account that allowed employees to access the company computer network remotely, and while it wasn’t in use anymore at the time that the attack happened, it could still be used to gain access to CPC’s network.

The password to that account was found in a group of leaked passwords available on the dark web. A CPC employee could have used that password on a separate account that was hacked earlier, but Carmakal doesn’t know for sure how the hackers got the password and investigators may never know. The VPN account also didn’t use multifactor authentication (MFA).

Just over a week later, a CPC employee in the control room saw that they had received a ransom note that demanded cryptocurrency. The employee told an operations supervisor, who went on to start shutting down the pipeline. A little over an hour later, the entire pipeline was shut down. This was the first time that the pipeline had been shut down entirely in its entire 57 years.

The company paid the hackers their $4.4 million ransom and the U.S. has since recovered $2.3 million worth of the Bitcoin back. The Biden administration accomplished this via a specialised task force.

JBS USA

JBS experienced a ransomware attack where hackers managed to get into their computer network and threatened to delete files or cause disruptions unless JBS paid them a ransom.

Some operations were temporarily shut down in Canada, the U.S. and Australia, which affected thousands of workers. JBS believes that the ransomware attack came from a criminal group that is probably located in Russia.

The company has talked to the White House, who is engaging directly with the Russian government on the matter.

Russia’s Deputy Foreign Minister, Sergei Ryabkov, let local media know that the Biden administration had contacted Moscow in order to talk about the cyberattack.

JBS suspended all IT systems that had been affected as soon as they detected the attack and found that their backup servers were unaffected. JBS has their five largest beef plants in the U.S., and the shutdowns stopped a fifth of their meat production there.

The ransom of $11 million was paid, as JBS hoped that it would help avoid any more complications, like data theft.

What went wrong?

CPC made several relatively glaring mistakes. The first was having a “legacy” VPN, which, though not in use, could still access the CPC network. Additionally, the VPN didn’t make use of MFA, a basic cybersecurity measure. On top of this, the compromised password hadn’t been changed and was still in use.

JBS spends over $200 million on IT and also has over 850 tech specialists in employment. And yet they still suffered an attack. It’s unclear how the hackers accessed JBS’ network.

How could these attacks have been prevented?

One of the best methods of prevention is performing a broad cyber risk assessment, like penetration testing. This is an IT solution that tests the safety of one, some of or all of an organization’s cybersecurity components. Penetration testing acts like a hacker and shows how a hacker might enter an organization’s network or systems. Cybersecurity assessments help show how strong an organisation’s cybersecurity is and the specific ways that it can be strengthened.

More specific methods of strengthening cybersecurity include:

Biosecurity. This is the verification of the identity of a user before they access valuable assets. This type of security includes palm or behavioral biometrics, gait analysis, facial or voice recognition, fingerprint scans and more.

Written cybersecurity policy. This serves as a formal guide to the company’s cybersecurity measures as well as allowing employees and security specialists to be on the same page.

Backing up data. Things like ransomware could be rendered useless if all of the critical data is backed up. There’s no need to pay a ransom for data that exists elsewhere.

IoT security. Things like doorbells, security cameras, even heating systems, can be potential access points for a hack. Penetration tests can help determine which points are weak.

Enabling firewalls.

Using MFA.

Developing a security framework. This should be scalable and support all IoT deployments.

Password management. Using specialized tools, PAM solutions and password vaults can all help. Passwords should never be repeated, shared or kept the same for long periods of time. Phrases are better than short strings of random characters.

Using the principle of least privilege. New accounts should be limited to the least privileges possible, and these can be increased as time goes by.

Watching over privileged users. User activity monitoring solutions can be used to record any actions that happen within the network. Accounts should be terminated when users are no longer with the company.

Using antivirus/malware software.

Using a spam filter.

Monitoring third-party data access.

Being extremely wary of phishing.

Having Regular cyber security training to improve employee awareness.

Cybersecurity ranges from the mundane and the everyday to the top tier, serious apps, practices, policies and education. The bottom line is that no effort is too great, especially for companies dealing with large sums of money, large numbers of workers and a lot of sensitive data. The cyberattacks against CPC and JBS could possibly have been prevented with routine check-ups, cyber risk assessments and more awareness on cybersecurity.

Bahar Ferguson is president of Wasatch I.T., a Utah provider of outsourced IT services for small and medium-sized businesses.