Every time I read about another attack, I am always interested in how the attackers gained initial access into the network. With the recent Colonial Pipeline attack, the initial infection point was reportedly an old, unused, but still open VPN account. The password had been found on the dark web rather than obtained via phishing, implying that it had been leaked or reused by a Colonial employee. The VPN account did not have two-factor authentication (2FA) enabled, allowing the attacker to merely log in.
To read this article in full, please click here
(Insider Story)Support the originator by clicking the read the rest link below.