Wave Systems Corp. (fka WAVXQ)

[Genz2]

One password allowed hackers to disrupt Colonial Pipeline, CEO tells senators

https://www.investing.com/news/commodities-news/colonial-pipeline-ceo-tells-senate-cyber-defenses-were-compromised-ahead-of-hack-2526379

NEW YORK (Reuters) - The head of Colonial Pipeline told U.S. senators on Tuesday that hackers who launched last month's cyber attack against the company and disrupted fuel supplies to the U.S. Southeast were able to get into the system by stealing a single password.

Colonial Pipeline Chief Executive Joseph Blount told a U.S. Senate committee that the attack occurred using a legacy Virtual Private Network (VPN) system that did not have multifactor authentication in place. That means it could be accessed through a password without a second step such as a text message, a common security safeguard in more recent software.

"In the case of this particular legacy VPN, it only had single-factor authentication," Blount said. "It was a complicated password, I want to be clear on that. It was not a Colonial123-type password."

The panel was convened to examine threats to critical U.S. infrastructure and the Colonial attack, which shut key conduits delivering fuel from Gulf Coast refineries to major East Coast markets. Cyberattacks also hit U.S. meatpacking plants owned by JBS, showing the breadth of infrastructure facing cyber threats.

The Colonial Pipeline hack demonstrated that much of the company's infrastructure remains highly vulnerable and the government and companies must work harder to prevent future hacks, senators said during the hearing.

Security experts call the use of a single-factor login system a sign of poor cybersecurity "hygiene." They recommend two-factor authentication, which requires a secondary measure like a mobile text or hardware token, and most major companies require this across all internal applications.

Senators questioned Blount about the company's preparations and the timeline for responding to the ransomware attack, which shut the line for days and led to a spike in gasoline prices, panic buying and localized fuel shortages.

"I'm alarmed this breach ever occurred in the first place," said Senator Gary Peters, the committee's chairman. "Make no mistake: if we do not step up our cyber security readiness, the consequences will be severe."

The FBI attributed the hack to a gang called DarkSide. Some senators suggested Colonial had not sufficiently consulted with the U.S. government before paying the ransom against federal guidelines.

Blount said he made the decision to pay ransom and to keep the payment as confidential as possible because of concern for security.

"It was our understanding that the decision was solely ours to make about whether to pay the ransom," he said.

Blount said Colonial did not have a plan in place to prevent a ransomware attack, but did have an emergency response plan. The company notified the FBI within hours.

Blount said Colonial has invested over $200 million over the last five years in its IT systems. When pressed to answer how much Colonial has spent to keep its pipeline cyber secure, Blount repeated that amount. A company spokesperson later clarified the $200 million was for IT overall, which includes cyber security.

On Friday, U.S. Deputy Attorney General Lisa Monaco urged companies to tell federal authorities whether they paid ransom to cyberattackers, information that can help investigators.

Blount said even after getting the key from the hackers, the company is still recovering from the attack and is bringing back seven finance systems that have been offline since May 7.

On Monday, the Justice Department said it had recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline.

Colonial Pipeline previously had said it paid the hackers nearly $5 million to regain access. The value of the cryptocurrency bitcoin has dropped to below $35,000 in recent weeks after hitting a high of $63,000 in April.


As a result, the government recovered about 60 of the 75 bitcoin paid, but the value has dropped, falling short of the total dollar amount Colonial paid.

Bitcoin seizures are rare, but authorities have stepped up their expertise in tracking the flow of digital money as ransomware has become a growing national security threat and put a further strain on relations between the United States and Russia, where many of the gangs are based.
=================================================================
If Colonial had Wave solutions, this disaster wouldn't have happened!!! And at less than half the cost, Wave VSC 2.0 would have protected against this and so much more!!! Please see the Wave Virtual Smart Card link below for its awesome capabilities!!!
==================================================================
http://www.wavesys.com/products/wave-virtual-smart-card

Get better security at less than half the cost

Passwords are weak. Tokens are expensive. Don’t compromise on security or price.

Wave Virtual Smart Card does anything your physical smart cards and tokens do, but it starts with hardware you already have: the Trusted Platform Module (TPM), a hardware security chip built into the motherboard of most business-class PCs. You may not even know you have it, but once you do, the TPM can be used in a myriad of ways. Wave turns it into a smart card, embedded directly into your laptop.

What can it be used for?

What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.

One helpdesk call you'll never get: "I lost my virtual smart card again..."

There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.

The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.

What will you do with >50% TCO savings?*

Tokens and smart cards require an additional hardware purchase, plus the time and money to ship to remote users. Use something that’s already in the users’ hands (the TPM), and your acquisition and deployment costs are lower.

Then consider the management savings in not having to replace lost and stolen tokens. That means fewer helpdesk calls, less interruption of user productivity, and fewer acquisition and shipping costs.

When we say “secure”…

…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).

*Actual number may vary. Contact us today to receive more details and a free quote.

Key Features:

• Full lifecycle management of virtual smart cards
• Intuitive interface to create (or delete) virtual smart cards
• Command line option to create and delete virtual smart cards
• Flexible PIN policies
• Helpdesk-assisted PIN reset and recovery
• Generates reports for compliance
• Integrates with Active Directory
• Supports familiar use cases ? Virtual Private Network (VPN)
? Local logon
? Remote logon
? Remote desktop access
? Intranet/Extranet
? Cloud applications
==================================================================
http://www.wavesys.com/

http://www.wavesys.com/contact-information

Contact Wave

Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com

Gold Customer Support:

goldsupport@wavesys.com

1-800-928-3638

Support:

support@wavesys.com

1-844-250-7077

Sales:

1-877-228-WAVE