
Critical infrastructure cyberattacks: An impetus for identity-first security

By Allen Moffett
December 22, 2021

In June, the CEO of Colonial Pipeline revealed that the ransomware attack that disrupted the company’s operations and sparked fuel shortages around the United States began as many attacks do — with stolen credentials.

In this case, those credentials belonged to a legacy VPN account that was not protected by multifactor authentication (MFA). It is a nightmare scenario for security teams — a security blind spot that led to the disruption of business operations. With so many employees working remotely, securing VPN systems is a critical part of enterprise security.

When the COVID-19 pandemic forced businesses to close down their offices, VPN usage spiked. As it increased, so too did the pressure on organizations to ensure the VPN system was patched, secure and available. That pressure persisted a year later, as recent research revealed a significant jump in attacks against VPN vulnerabilities during the first quarter of 2021.

Some of these attacks have been linked to state-sponsored threat actors, like those the National Security Agency (NSA) warned about in April that targeted known vulnerabilities in the Pulse Secure Connect and FortiGate VPN products. Other attacks take the form of phishing attempts designed to trick victims into giving up their VPN credentials. To complete this ruse successfully, threat actors can craft an email that resembles a message from the IT staff and prompts the recipient to reset their VPN password.

The focus on compromising digital identities is a staple of modern data breaches and a reminder to organizations to practice basic security hygiene. As a critical system, VPNs should be protected via strong passwords. During the U.S. Senate committee hearing in June when he discussed the attack, Colonial Pipeline CEO Joseph Blount Jr. said the password for the compromised account was “complicated” and not a “Colonial123-type password.” However, given that the purpose of a VPN solution is to provide secure access, there should be more than one layer of protection to safeguard the system.

One of the principal mechanisms of implementing identity-first security is enabling multifactor authentication (MFA). MFA can utilize SMS tokens, user biometrics or other approaches. When properly implemented, it significantly reduces the probability of a successful attack involving a stolen credential. Nothing is foolproof, but the ultimate goal of security is to raise the bar threat actors have to hurdle in an attack. For organizations considering adopting a zero trust architecture, MFA represents a basic step toward providing stronger identity assurance.

In a world of remote workforces and cloud computing, such assurance has to be the focus of security efforts. Identity management is now being recognized as a core function of security and IT operations more generally. One of the challenges facing businesses today is to bring these groups, as well as other stakeholders such as Human Resources, to the table to establish, review and maintain the provisioning and deprovisioning of identities in the business. This process is often complicated, not just because of the sheer number of identities, but also because decisions about access rights can be a source of friction within organizations.

Still, the importance of effectively managing the full identity lifecycle does not vary based on office politics. As it turns out, the compromised account at the center of the Colonial Pipeline breach was orphaned. Accounts without active owners are a danger for any organization. Left unmonitored, these accounts can be used by attackers to do everything from sending phishing emails to accessing sensitive data.

Orphaned accounts can appear for several reasons. One of the biggest culprits behind their creation is a failure to delete users who have left their organization. According to research from the Identity Defined Security Alliance, only 34% of organizations revoke system access when an employee leaves, posing a significant risk. Orphaned accounts can also appear due to promotions, demotions or even the change of an email address. To prevent this situation, organizations should rely on as much automation as possible. The more manual the processes of provisioning and deprovisioning users are, the more likely it is there will be errors and security gaps introduced into the organization.
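As an illustration of the kind of automated check described above (an added example, not part of the original article), the following Python sketch reconciles a VPN account export against an HR roster and flags orphaned accounts, accounts without MFA and stale accounts. The field names, reason codes, the 90-day threshold and the sample records are all assumptions constructed for the example; accounts are matched on employee ID rather than email so that an address change shows up as drift instead of silently orphaning the account.

```python
from datetime import date

# Constructed sample data; field names are hypothetical, not from any product.
HR_ROSTER = {  # employee_id -> HR record
    "E1001": {"email": "a.ng@example.com", "status": "active"},
    "E1002": {"email": "b.ruiz@example.com", "status": "terminated"},
    "E1003": {"email": "c.new@example.com", "status": "active"},
}
VPN_ACCOUNTS = [
    {"login": "ang", "owner_id": "E1001", "email": "a.ng@example.com",
     "mfa": True, "last_login": date(2021, 12, 1)},
    {"login": "bruiz", "owner_id": "E1002", "email": "b.ruiz@example.com",
     "mfa": False, "last_login": date(2021, 6, 1)},
    {"login": "cold", "owner_id": "E1003", "email": "c.old@example.com",
     "mfa": True, "last_login": date(2021, 12, 10)},
    {"login": "legacyvpn", "owner_id": None, "email": "",
     "mfa": False, "last_login": date(2021, 3, 1)},
]

def audit_accounts(accounts, roster, today, stale_days=90):
    """Return {login: [reason codes]} for every account needing review."""
    findings = {}
    for acct in accounts:
        reasons = []
        owner = roster.get(acct["owner_id"])
        if owner is None:
            reasons.append("ORPHAN_NO_OWNER")      # nobody in HR owns it
        elif owner["status"] != "active":
            reasons.append("ORPHAN_OWNER_LEFT")    # leaver never deprovisioned
        elif owner["email"].lower() != acct["email"].lower():
            reasons.append("EMAIL_DRIFT")          # HR record changed, account did not
        if not acct["mfa"]:
            reasons.append("NO_MFA")
        if (today - acct["last_login"]).days > stale_days:
            reasons.append("STALE")
        if reasons:
            findings[acct["login"]] = reasons
    return findings

if __name__ == "__main__":
    for login, reasons in audit_accounts(VPN_ACCOUNTS, HR_ROSTER,
                                         date(2021, 12, 22)).items():
        print(f"{login}: {', '.join(reasons)}")
```

Run on a schedule against real exports, a report like this gives the identity team a review queue; accounts that are both orphaned and lack MFA are the ones to disable first.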

The fact that the VPN password was found on the Dark Web offers another wrinkle to the story. The Dark Web is not updated in real time, meaning that usernames and passwords found there may have been there for significant amounts of time. Making matters worse, it is not uncommon for users to reuse the same credentials across multiple sites. For example, in one instance, credentials obtained from a password dump containing LinkedIn credentials were used to access enterprise applications. One leaked password can cause damage that extends well beyond the application the credentials were created for. When a password is obtained in this manner, the complexity of the password is irrelevant. This adds to the need for requiring MFA and moving away from passwords wherever possible.

While the attackers used ransomware in the case of Colonial Pipeline, stolen credentials and orphaned accounts can be abused to perform all manner of malicious activity. For IT, let the incident serve as a reminder. For organizations today, strong identity governance is part and parcel of strong security — and the price for a single mistake can be steep.

KEYWORDS: cyber attack response cyber security investigation multi-factor authentication password security phishing attack pipeline security ransomware VPN zero trust


Allen Moffett is Global IAM Practice Lead at ATOS. He is also the Global Lead for the IAM and Biometrics sub-domain of the ATOS Expert Community, helping to steer business strategy and building the technology roadmap by anticipating the products and services that will be needed by the market. Allen is a member of the Executive Advisory Board of the Identity Defined Security Alliance and has previously been an active participant in leadership councils for other industry organizations such as the Smart Card Alliance and the Electronic Messaging Association.
