Oil and gas facilities have been under frequent cyber-attacks. A ransomware attack was launched on a major natural gas compression facility in the USA. The reported attack occurred during February 2020, but the owner and name of the facility have been withheld. Investigators feel that the attack took place in December 2019 and involved Ryuk malware. The attack resulted in a two (2) day suspension of service and disrupted the facility's supply chain. Due to good planning, cyber threat preparedness, and back-up protocols, the facility was brought back online using back-ups.
The attackers were able to penetrate the facility’s network and then infiltrate the control and communications of the systems operations. The Cybersecurity and Infrastructure Security Agency (CISA) stated in a report that the attackers successfully spear-phished an employee to gain their initial access. Spear-phishing is a low-tech email spoofing attack, in which the emails appear to originate from a trusted party/source. These attacks are more sophisticated than a phishing attack, since they are carefully designed and targeted to get a single person to respond.
CISA noted that the attackers did not gain the access to control the facility’s physical processes. Such access could have resulted in the loss of the plant and the lives of employees. Management immediately performed a controlled shutdown of all operations until they were confident that hackers had not taken over control of the entire plant. As to the supply chain consequences, their delivery pipeline was also shut down for 2 days. The facility did have policies in place for emergencies, but they did not include procedures for dealing with cyber-attacks. Management is currently reviewing all emergency response directives and exercises.
If Red Sky Alliance was able to learn the name of the company, we could prepare a RedXray daily report and show what our company knew about cyber threats directed at the target. Included is an actual daily cyber threat notification report on an oil & gas industry company. We have redacted the company name for their protection. Let’s call it Acme Oil.
Acme Oil is a publicly traded limited partnership with corporate headquarters in OilRich, TX, that engages in the acquisition and management of infrastructure assets on a global basis. Acme is within the oil and gas energy sector. Acme Oil is a member of the Petroleum Equipment & Services Association (PESA), which Red Sky Alliance actively monitors for threats and vulnerabilities.
What can oil and gas companies and their suppliers learn from these types of cyber-attacks? Red Sky Alliance publishes a weekly Tactical Cyber Report: Oil & Gas which can be found at https://redskyalliance.org. All previous reports can be found under the tabs of Industries, Oil & Gas. There is no charge for access to the RedSkyAlliance.org portal and we invite you to join.
Red Sky Alliance has been analyzing and documenting cyber threats for 8 years and maintains a resource library of malware and cyber actor reports. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.
What can you do to better protect your organization today?
- All data in transmission and at rest should be encrypted.
- Proper data back-up and off-site storage policies should be adopted and followed.
- Institute cyber threat and phishing training for all employees, with testing and updating.
- Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
- Enroll your company/organization in RedXray for daily cyber threat notifications directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network.
- Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.
Red Sky Alliance is in New Boston, NH USA and is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 888-RED-XRAY or (888)-733-9729, or email feedback@wapacklabs.com
Website: https://www.wapacklabs.com/
LinkedIn: https://www.linkedin.com/company/wapacklabs/
Twitter: https://twitter.com/wapacklabs?lang=en