Joseph Blount, chief executive of Colonial Pipeline, told the U.S. Senate committee that the malware gang responsible for last month’s cyberattack on the company was able to gain access to the company’s systems by stealing a single password.
He said that the attack occurred using a legacy VPN system that did not have multifactor authentication.
Security experts described the use of a one-factor login system as a sign of poor cybersecurity “hygiene” instead, they recommend two-factor authentication, which requires a secondary measure, some of which involves a mobile text or hardware token.
For more information, read the original story Reuters.