{"id":2069,"date":"2021-06-08T18:24:16","date_gmt":"2021-06-08T12:54:16","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=2069"},"modified":"2021-06-08T18:24:17","modified_gmt":"2021-06-08T12:54:17","slug":"using-negotiated-vpn-password-hackers-breached-colonial-pipeline","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/","title":{"rendered":"Using Negotiated VPN Password Hackers Breached Colonial Pipeline"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">Early last month, the ransomware gang behind the Colonial Pipeline attack breached the pipeline operator\u2019s network using a compromised virtual private network (VPN) account password, the latest investigation into the incident has found.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The development, which was reported by Bloomberg on Friday, involved gaining an initial foothold in the network as early as 29th of April through the VPN account, which allowed employees to access the company\u2019s network remotely.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The report said that the VPN login \u2013 which did not have multi-factor authentication enabled \u2013 was unused but still active at the time of the attack, adding that the password has since been discovered inside a collection of leaked credentials on the dark web, suggesting that an employee of the company may have reused the same credentials on a different account that was breached before.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">But it is still unclear how the credentials were obtained, according to experts quoted in a briefing to the publication. 
The FireEye-owned subsidiary is currently assisting Colonial Pipeline with its incident response efforts following a ransomware attack on 7th May that led to the company halting its operations for about a week.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How Much Did the Company Need to Pay?<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">Darkside, the cybercrime group behind the attack, has since shut down, but not before stealing more than 100 gigabytes of data from Colonial Pipeline in an act of double extortion, forcing the company to pay a $4.4 million ransom shortly after the hack to avoid disclosure of sensitive data. The gang is estimated to have made away with nearly $90 million during the nine months of its operation.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The Colonial Pipeline incident also prompted the U.S. Transportation Security Administration to issue a security directive on 28th May requiring pipeline operators to report cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 12 hours, in addition to mandating that facilities submit a vulnerability assessment identifying any gaps in their current practices within 30 days.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The development comes amid a surge of ransomware attacks in recent months, including the attack on Brazilian meat processing company JBS last week by the Russia-linked REvil group, underscoring the threat to critical infrastructure and introducing a new point of failure that has had a serious impact on consumer supply chains and day-to-day operations, leading to fuel shortages and delays in emergency health procedures.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">As ransom demands have grown dramatically, rising from thousands to millions of dollars, so have the attacks on high-profile victims, with companies in the energy, healthcare, education, and 
food sectors increasingly becoming prime targets, in turn sustaining a dangerous cycle that enables cybercriminals to seek the largest payouts possible.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The profitable business model of double extortion \u2013 i.e., combining data exfiltration and ransomware threats \u2013 has also resulted in attackers expanding the technique into what\u2019s called triple extortion, where payments are demanded from customers, partners, and other third parties associated with the initial data breach in order to extract even more money for their crimes.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Worryingly, the trend of paying off criminal attackers has also raised mounting concerns that it could establish a dangerous precedent, further emboldening threat actors to single out critical infrastructure and put it at high risk.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">REvil (aka Sodinokibi), for its part, has begun incorporating a new technique into its ransomware-as-a-service (RaaS) playbook that consists of staging distributed denial-of-service (DDoS) attacks and making voice calls to the victim\u2019s business partners and the media, \u201cintended to pressure the victim\u2019s company to meet ransom demands within the nominated time frame,\u201d researchers from Check Point disclosed last month.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How Do Attackers Boost the Chance of Ransom Payment?<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"976\" height=\"549\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/Using-Negotiated-VPN-Password-Hackers-Breached-Colonial-Pipeline-image1.jpg\" alt=\"Using-Negotiated-VPN-Password-Hackers-Breached-Colonial-Pipeline-image1\" class=\"wp-image-2072\" 
srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/Using-Negotiated-VPN-Password-Hackers-Breached-Colonial-Pipeline-image1.jpg 976w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/Using-Negotiated-VPN-Password-Hackers-Breached-Colonial-Pipeline-image1-300x169.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/Using-Negotiated-VPN-Password-Hackers-Breached-Colonial-Pipeline-image1-768x432.jpg 768w\" sizes=\"(max-width: 976px) 100vw, 976px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">\u201cBy combining file encoding, data theft, and DDoS attacks, cybercriminals have importantly hit a ransomware complicated designed to boost the chances of transaction,\u201d network security company NetScout said.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The disruptive power of the ransomware pandemic has also set in motion a series of actions, with the U.S. Federal Bureau of Investigation (FBI) making the longstanding problem a \u201chigh priority.\u201d The Justice Department said it has raised investigations of ransomware attacks to the same priority as terrorism, according to a report from experts last week.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Stating that the FBI is seeking ways to disrupt the criminal ecosystem that supports the ransomware industry, Director Christopher Wray told the Wall Street Journal that the agency is investigating nearly 100 different types of ransomware, most of them traced back to Russia, while comparing the national security threat to the challenge posed by the 11th of September 2001 terrorist attacks.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Early last month, the ransomware gang behind the Colonial Pipeline attack breached the pipeline operator\u2019s network using a compromised virtual private network (VPN) account password, the latest investigation into the incident has found. 
The advancement, which was revealed by Bloomberg on Friday, consisted of getting a start footing into the networks as [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2073,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Using Negotiated VPN Password Hackers Breached Colonial Pipeline - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Using Negotiated VPN Password Hackers Breached Colonial Pipeline - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"In the early last month, the ransomware gang that organizes the Colonial Pipeline attack damage the pipelined operator\u2019s network using a negotiate virtual private network (VPN) account password, the latest research into the incident has discovered. 
The advancement, which was revealed by Bloomberg on Friday, consisted of getting a start footing into the networks as [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-06-08T12:54:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-08T12:54:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/Using-Negotiated-VPN-Password-Hackers-Breached-Colonial-Pipeline-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Using Negotiated VPN Password Hackers Breached Colonial Pipeline\",\"datePublished\":\"2021-06-08T12:54:16+00:00\",\"dateModified\":\"2021-06-08T12:54:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/\"},\"wordCount\":756,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Breaches\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/\",\"url\":\"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/\",\"name\":\"Using Negotiated VPN Password Hackers Breached Colonial Pipeline - Xiarch Solutions Private 
Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-06-08T12:54:16+00:00\",\"dateModified\":\"2021-06-08T12:54:17+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Using Negotiated VPN Password Hackers Breached Colonial Pipeline\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Using Negotiated VPN Password Hackers Breached Colonial Pipeline - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/","og_locale":"en_US","og_type":"article","og_title":"Using Negotiated VPN Password Hackers Breached Colonial Pipeline - Xiarch Solutions Private Limited","og_description":"In the early last month, the ransomware gang that organizes the Colonial Pipeline attack damage the pipelined operator\u2019s network using a negotiate virtual private network (VPN) account password, the latest research into the incident has discovered. The advancement, which was revealed by Bloomberg on Friday, consisted of getting a start footing into the networks as [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-06-08T12:54:16+00:00","article_modified_time":"2021-06-08T12:54:17+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/Using-Negotiated-VPN-Password-Hackers-Breached-Colonial-Pipeline-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Using Negotiated VPN Password Hackers Breached Colonial Pipeline","datePublished":"2021-06-08T12:54:16+00:00","dateModified":"2021-06-08T12:54:17+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/"},"wordCount":756,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Breaches"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/","url":"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/","name":"Using Negotiated VPN Password Hackers Breached Colonial Pipeline - Xiarch Solutions Private 
Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-06-08T12:54:16+00:00","dateModified":"2021-06-08T12:54:17+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/using-negotiated-vpn-password-hackers-breached-colonial-pipeline\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Using Negotiated VPN Password Hackers Breached Colonial Pipeline"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch 
Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2069"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=2069"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2069\/revisions"}],"predecessor-version":[{"id":2076,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2069\/revisions\/2076"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/2073"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=2069"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=2069"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=2069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}