Ransomware attackers used compromised password to access Colonial Pipeline network

The password had been linked to a disused virtual private networking account used for remote access, cybersecurity firm FireEye confirmed, and the account was not guarded by an extra layer of security known as multi-factor authentication.

           

https://www.facebook.com/cnn/posts/10162052285921509

System hardening is an overlooked control for many companies. Need to remove/disable unneeded applications, close any unused ports, stay consistent on updating software, firewall/IPS/IDS, and OS systems, disable guest/inactive accounts, require multifactor authentication, and require passwords to be changed on a regular basis.

I've seen cases where accounts as old as 10 years are still on a system. 10 years ago, a password of doglover75 was more secure than it is today.

People also like to reuse the same password, so it helps to activate minimum and maximum password age. Set a new password to have a minimum age of 45 days or so.
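An added example, not part of the original post: a small audit that flags enabled accounts that are disused, lack multifactor authentication, or carry an old password, which is the combination described in the Colonial Pipeline summary above. The inventory format, the account names, and the 90-day and 180-day thresholds are assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real accounts): one row per account.
SAMPLE_CSV = """username,enabled,mfa,last_login,password_set
alice,yes,yes,2021-05-28,2021-05-01
vpn-old,yes,no,2019-11-02,2011-03-15
guest,yes,no,,2015-01-01
bob,no,no,2018-06-30,2018-01-10
carol,yes,yes,2021-06-01,2020-09-01
"""

INACTIVE_DAYS = 90      # assumed threshold for a "disused" account
MAX_PASSWORD_AGE = 180  # assumed maximum password age, in days


def audit(csv_text, today):
    """Return {username: [findings]} for enabled accounts that need attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["enabled"] != "yes":
            continue  # already disabled, so it cannot be used to log in
        issues = []
        if not row["last_login"]:
            issues.append("never logged in")
        elif (today - date.fromisoformat(row["last_login"])).days > INACTIVE_DAYS:
            issues.append("inactive")
        if row["mfa"] != "yes":
            issues.append("no MFA")
        if (today - date.fromisoformat(row["password_set"])).days > MAX_PASSWORD_AGE:
            issues.append("password too old")
        if issues:
            findings[row["username"]] = issues
    return findings


if __name__ == "__main__":
    # The audit date is fixed so the output is reproducible.
    for user, issues in audit(SAMPLE_CSV, date(2021, 6, 5)).items():
        print(f"{user}: {', '.join(issues)}")
```

Accounts that collect all three findings are the first candidates to disable.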



