Remote work may have contributed to the weekend ransomware attack on Colonial Pipeline, according to the BBC. Stolen remote login details can be used by the hackers who took them or sold on the dark web to other threat actors, a problem plaguing more and more companies due to extensive remote work during the pandemic. In addition, the "bad guys" responsible for the Colonial Pipeline incident appear to be a group that operates much like a corporate franchise, selling know-how and tools to associates who then pay a percentage of their takings to the main enterprise.
Although the Colonial Pipeline incident has received a lot of press because of its relation to national fuel supplies and security, the reality is that most ransomware attacks happen to ordinary companies regardless of their public profile. Small and medium businesses that do not have a full security apparatus can be especially appealing targets, because they are likely to pay rather than fight back against an attack. Being prepared with both security plans and a recovery/continuity plan can help prevent or mitigate a lot of heartache, contractual exposure with business partners, loss of business opportunity, negative PR, and more. The value of planning and security is even higher during the current work-from-home posture at most businesses.
Digital Shadows said the Colonial attack was helped by the coronavirus pandemic, with more engineers remotely accessing control systems for the pipeline from home. James Chappell, co-founder of Digital Shadows, said DarkSide could have bought account login details for remote desktop software such as TeamViewer and Microsoft Remote Desktop.