Colonial Pipeline CEO Joseph Blount told a U.S. Senate committee that the ransomware attack that disrupted fuel distribution to the majority of the eastern United States was caused by attackers stealing a single password that protected the enterprise’s VPN. “In the case of this particular legacy VPN, it only had single-factor authentication,” Blount informed the panel, convened this week in order to examine the attack and other similar threats to U.S. infrastructure.
The single password theft cost the company 75 bitcoins, or $5 million, which it paid to the ransomers believed to be DarkSide, a group that has since shuttered operations. Reuters reported that some senators on the panel suggested Colonial should have consulted with the government before deciding to pay the ransom, as paying ransomers is an act that goes against federal guidelines. Blount responded that he understood the decision to pay or not pay was a private matter to be handled within the company. Even though they received the ransom key, Blount said the company’s IT infrastructure was still in recovery mode. On Monday, the Justice Department announced it had recovered 60 of Colonial’s 75 bitcoins, though the value of the bitcoins has decreased.
Ransomware gangs target SonicWall devices
Researchers have noticed a ransomware trend developing this year – cybercrime groups are targeting SonicWall devices in order to breach corporate networks and deploy ransomware. According to The Record, this continues a pattern that has been ongoing since 2019, where the angle of approach has been through security equipment itself. In this case, the equipment consists of SonicWall VPNs and network gateways. Companies are urged to apply all the latest patches to their equipment and to add two-factor authentication to all SonicWall systems.
WWDC announces Siri overhaul for privacy
At Apple’s worldwide developer’s conference this week, the company announced that starting with iOS 15 this autumn, Siri will begin processing audio “on device,” meaning that users’ queries will no longer be routed through Apple’s servers. The benefits will be two-fold – more privacy and quicker response time. Apple announced other privacy initiatives as well, including Mail Privacy Protection, which will block email tracking, and iCloud+, which will encrypt all traffic and send it through Apple servers to mask the user’s ID. Read more at The Guardian.
FindMy will locate iPhone even when powered off
Another feature of iOS 15 is the ability of the FindMy network to locate a user’s iPhone even when that phone is powered off or has been factory reset. 9to5mac posted that with iOS 15, the phone will never really be powered off, but instead remain in a low-power state that acts like an AirTag for the FindMy network. Users will be alerted of the new feature when their battery power runs low for the first time with iOS 15. To make the iPhone actually turn off, users will have to disable the low-power “FindMy” mode in settings.
Microsoft, Adobe, Intel release giant Patch Tuesday updates
This week’s Patch Tuesday was a big one across the computer industry, with Microsoft patching 50 flaws, Adobe patching 41, and Intel patching 73. The Microsoft update includes patches for 7 zero-day vulnerabilities, 6 of which have been exploited in the past. The Adobe update includes fixes for bugs found in 10 applications, including Acrobat Reader and Photoshop. The Intel update, amidst its 73 fixes, addresses 5 high-severity vulnerabilities impacting the Intel Virtualization Technology for Directed I/o (VT-d) products, the BIOS firmware for some Intel processors, and the Intel Security Library.
This week’s “must-read” on The Avast Blog
What do security cameras in your neighborhood know about you? And where are they sending it? Find out in this week’s installment of What Does the Internet Know About Me?
*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/colonial-pipeline-disrupted-by-single-password-avast