May 14, 2021

Colonial Pipeline Ransomware Attack

Recommendation for Lookout Admins

While there is no silver bullet against ransomware, combining Lookout Zero Trust Network Access, Modern Endpoint Protection, and Phishing & Content Protection will help mitigate the risk. By doing this, Lookout admins can continuously assess risk across endpoints, protect employees from account compromise, and modernize access policies to cloud and on-premises infrastructure. Adopting this strategy grounded in Zero Trust ensures that only authorized users can access resources and enables admins to give the right employees enough data access to do their jobs, but not so much that any account or device has access to everything.


Colonial Pipeline, which is the owner of the largest pipeline system in the United States, recently fell victim to a ransomware attack that forced the company to halt its operations and pay a $5 million ransom. This incident exemplifies the evolving tactics used by ransomware groups that leverage the fact that most every organization now must support remote or hybrid work.

This incident provides more evidence of organized groups carrying out scalable campaigns that increase their success rate and enable them to reinvest in new tools and procedures. Doing so enables them to take advantage of organizations with distributed workforces where security teams don’t have the same visibility they once did when everything was inside the corporate perimeter.

Lookout Analysis

In this situation, employees expect seamless access to all resources from unmanaged and personal devices on networks outside the traditional perimeter. To them, it doesn’t matter where that resource resides as long as they can access it, but for security teams that means broadening access capabilities to ensure everyone can be productive.

In addition, employees want to be productive from any device including their personal smartphone or tablet. Attackers know this and target employees through personal apps to steal their login credentials. This enables attackers to discreetly enter the infrastructure using legitimate credentials that a traditional VPN solution would likely not detect. Since VPNs tend to give unlimited access to whoever connects, the attacker can then move freely around various apps and other components of cloud and on-prem infrastructure.



Cloud & Endpoint Security

Lookout is a cybersecurity company that makes it possible for tens of millions of individuals, enterprises and government agencies to be both mobile and secure. Powered by a dataset of virtually all the mobile code in the world -- 40 million apps and counting -- the Lookout Security Cloud can identify connections that would otherwise go unseen and predict and stop mobile attacks before they do harm. The world’s leading mobile network operators, including AT&T, Deutsche Telekom, EE, KDDI, Orange, Sprint, T-Mobile and Telstra, have selected Lookout as its preferred mobile security solution. Lookout is also partnered with such enterprise leaders as AirWatch, Ingram Micro, Microsoft, and MobileIron. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C.

Entry Type
Threat Guidances
Threat Type
Platform(s) Affected
Threat Guidances

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.