Caution: HermeticWiper Attacks
March 4, 2022
“I want to support Sababa in its growth and grow together with it”
March 23, 2022
One of the largest independent operators of tank terminals for oils, chemicals and gases worldwide was hit by a cyberattack that has impacted its operations in Germany.
Oiltanking – a major independent oil and gas storage company – has declared “force majeure” for the greater part of its inland supply activities in Germany, after a cyberattack disrupted its IT systems. The attack has also involved the oil supplier Mabanaft. Both companies are subsidiaries of the Marquard & Bahls group, which may have been the breach point.
Oiltanking supplies more than 20 companies in Germany with fuel, including Shell that alone operates 1,955 gas stations in the country. Following the incident, the century-old oil and gas giant has diverted operations to other suppliers in order to minimise disruption.
The targeted company stated that only German operations have been affected and that they are “committed to resolving the issue and minimising the impact as quickly and effectively as possible“.
The nature of the attack is unclear so far, but media reports and observers suggest it could be ransomware.
Ransomware attacks on critical infrastructures are on the increase
Nations already shocked by a global pandemic have seen ransomware actors increasingly targeting entities in critical infrastructures. In the U.S. alone, the FBI, NSA and Cybersecurity and Infrastructure Security Agency (CISA) have observed high-impact ransomware attacks against 14 of the 16 critical infrastructure sectors in 2021, including emergency services, food supply, schools, government facilities, and more.
Organisations in these sectors need to be operational 24/7 and can’t afford for their network to be out of service for an extended period of time. This is why most of them are reluctant to apply the steady flow of routine software patches necessary to protect against security vulnerabilities, thus giving ransomware gangs the keys to enter.
But when it comes to cyberattacks targeting OT environments, the disruption could potentially lead to serious and unforeseen consequences, affecting the flow of goods and services that are essential to keep modern society going on: take for example the ransomware attack on Colonial Pipeline that halted plant operations for six days, leading to a fuel crisis and increased prices in the eastern U.S.
What can you do to prevent ransomware attacks?
Supply chain attacks involve multiple different parties and can happen to any kind of business. But they hit Industrial companies most, as their priorities are built around safety of people and environment. Here are a few tips on how to prevent a ransomware attack:
- Train your employees. With human error being the cause of more than 90% of data breaches, empowering your employees to recognize common cyber threats can be vital to your organisation.
- Constantly monitor and assess your security posture. A robust security posture enables organisations to promptly respond to cybersecurity threats, thus preventing malware intrusions, data breaches and other attacks. By constantly monitoring IT assets, the attack surface will be considerably reduced.
- Be ready with an emergency plan. When it comes to cyber security incidents, an emergency plan needs to be in place to restore business operations as fast as possible. Every minute counts when you’re struggling to minimise the financial, reputational and operational impact of the incident to your organisation, so don’t be unprepared.
- Segregate IT and OT networks. The line between IT and OT is blurring. Businesses are increasingly connecting their OT with IT networks and infrastructures, thus making the attack surface wider and wider. Segmentation is the first step to take, aimed at isolating critical areas from the rest of the company.
