4 min read time

So, just how safe is your Mainframe?

by   in Application Modernization

The one certainty about cybercrime is that more frequent and sophisticated attacks are coming. Organizations must prepare for attacks and understand their systems are vulnerable. In his latest post, Que Mangus looks at recent breaches and the solutions that could have prevented or reduced their impact.

Recent breaches

Colonial Pipeline – Access and Ransomware

Cyberattacks are back on the front pages. The recent ransomware attack on the Colonial gas pipeline reduced the US East Coast’s fuel supply by nearly half. A recent Reuters article, Cyberattack on pipeline spotlights holes in U.S. energy security was clear on the message.  

“This pipeline shutdown … [proves] core elements of our national infrastructure [are] vulnerable to cyberattack. Securing our energy infrastructure is a national security issue that involves several different federal agencies and requires centralized leadership.”

The impact was tangible. Shortages, price increases, panic, and a ransom payment of $4.4 million to unlock systems hackers had penetrated. The FBI recovered most of the funds by a little sneaky work of their own, accessing the password of one of the gang's bitcoin wallets.

So, how did this happen? In this article, the company and a cybersecurity firm claim “ransomware attackers … used a leaked password found on the dark web, linked to a disused virtual private networking account used for remote access and not guarded by multi-factor authentication. It's unclear how hackers got the account credentials.” This is critical – one compromised login to an important system and the attackers have control.

JBS Meat – Another Ransomware Attack

Another recent ransomware attack at JBS, the world’s largest meat supplier, prompted shutdowns at company plants in North America and Australia, forcing around 20% of US beef production offline. While it is unknown if JBS paid the ransom it was able to get it systems back online after a few days’ shutdown.

Nobelium Attacks – Compromised Credentials and Phishing Schemes

These were not ransomware, but enabled by using a contact list to send phishing emails to approximately 3,000 email accounts at more than 150 different organizations, including government agencies, think tanks, consultants, and non-governmental organizations. The same Russian attacker, Nobelium, was behind the attacks on SolarWinds customers in 2020.  

As the Microsoft blog, Another Nobelium Attack, noted, “Nobelium launched this week’s attacks by gaining access to the Constant Contact account of USAID, a service used for email marketing…distributing phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call NativeZone. This … enabled activities from stealing data to infecting other computers on a network. When coupled with the attack on SolarWinds, it’s clear that part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers.”

The Mainframe is vulnerable

Although these recent breaches did not specifically target the mainframe, they demonstrate that any system can be vulnerable. As the mainframe remains the backbone of many organizations’ IT, it is a target. This Micro Focus blog post noted that 63 percent of recent survey respondents, who are mainframe owners, claim their focus is on security. Is your organization focused on mainframe security – and are you prepared for an attack?

Access is key. If an attacker cannot gain access, then a breach cannot occur. Of the multiple ways to protect a vulnerable system, one of the most effective methods is multi-factor authentication, or MFA, which demands more than a single, “crackable” password. This authentication method grants access only after the successful presentation of two or more proofs of identity, or factors. These include passwords, hardware tokens, numerical codes, and biometrics, to name a few. MFA greatly increases security by providing an extra barrier and layer of security that makes it difficult for attackers to penetrate.

Defend your Systems with Micro Focus

Micro Focus solutions, including Advanced Authentication, the Advanced Authentication Connector for z/OS, and Host Access Management and Security Server (MSS) can protect your systems.

Micro Focus Advanced Authentication framework uses two-factor or MFA to strengthen authentication levels. Micro Focus Multi-Factor Advanced Authentication can provide MFA throughout the organization, while the AA Connector for z/OS extends that MFA to the mainframe, ensuring MFA protection for every IBM z/OS endpoint.

MSS enables centrally managed, secure terminal emulation, while the advanced authentication add-on leverages the same level of MFA and authorized access to valuable host systems. This ensures that only individuals who have proven their identity can access them.

With these controls in place, it would have been difficult, if not impossible for attackers to breach Colonial Pipeline or JBS meats, and the email database could not have been breached through the Nobelium attack.


Cyberattacks are on the rise. These recent attacks show us the vulnerabilities of organizations and should be a wake-up call for all organizations to evaluate their security measures and controls. Without MFA or similar, one compromised credential and systems are breached.

To understand the expert view on mainframe access and security, check out the recent IDC whitepaper, The Modern Mainframe – Automated, Protected, Connected.

To see how you can use MFA with the mainframe, view this whitepaper, Using Multifactor Authentication to Authorize Mainframe Access, and discover more about mainframe security at this webinar, Tech Tips: Extend Enterprise Security to the Mainframe