UPDATED 22:31 EDT / FEBRUARY 19 2020

DHS issues alert after gas pipeline taken offline in ransomware attack

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has issued a warning of potential cyberattacks after an unnamed gas pipeline was shut down following a ransomware attack last year.

The attack targeted the control and communication assets on the operational technology network of a natural gas compression facility, according to the alert Tuesday. It began with a spear-phishing attack (the practice of sending emails from an apparently trusted sender to get recipients to reveal confidential information) that gave those behind the attack access to the targeted network, which they then used to install ransomware.

Although safety is said not to have been jeopardized, the victim of the attack decided to implement a “deliberate and controlled shutdown of operations” as a precaution. The shutdown lasted two days, costing the unnamed gas pipeline operation revenue. Interestingly, the owner of the pipeline is said to have replaced network equipment affected by the ransomware attack rather than addressing the encryption of data.

CISA didn’t hold back in its alert, putting some of the blame on the pipeline owner. “The victim failed to implement robust segmentation between the IT and OT networks, which allowed the adversary to traverse the IT-OT boundary and disable assets on both networks,” the agency said.

“Phishing is implicated in more than 90% of all cyberattacks and this attack on a U.S. natural gas facility shows exactly why: Email is a highly effective attack vector,” Peter Goldstein, chief technology officer and co-founder of email security firm Valimail Inc., told SiliconANGLE. “Many companies invest in security training to prevent these types of cyberattacks, but as a defense, this is not completely reliable.”

The reason, he explained, is that malicious actors often leverage impersonation and social engineering to appear as trustworthy senders to victims, making their fraudulent messages indistinguishable from legitimate ones. In fact, he added, users in the U.S. open 30% of phishing emails, and 12% of those targeted by these emails click on the infected links or attachments.

Sam Roguine, Director at data protection company Arcserve LLC, noted that damaging ransomware attacks targeted at critical infrastructure have been on the rise in recent years. “If your cybersecurity and disaster recovery procedures aren’t up to the task of combating modern-day cybercrime, hackers will find the vulnerabilities and exploit them – that’s just the reality,” he said.

Kyle Miller, chief technologist at information technology consulting firm Booz Allen Hamilton Inc., explained that “operational technology” includes systems that help monitor and control physical equipment and processes found across industries. In turn, they help manage critical infrastructure that ensures reliable electricity, heat for buildings, fuel for cars and more.

“The new alert from CISA says the threat actor gained access to an organization’s IT network before pivoting to its OT network,” Miller said. “While commodity malware was used, the fact that they pivoted into the OT environment suggests that this may have been a targeted ransomware attack which is something we’re seeing more frequently.”

Miller noted that there’s an uptick in attackers trying to target softer environments such as OT systems because data backup and traditional security and antivirus technologies aren’t always used. “Because security isn’t always as robust in those environments, threat actors can use commodity ransomware and potentially make a broader impact,” he said.

Photo: Pxhere
