In the latest in a string of attacks targeting America’s energy infrastructure over the past few years, a ransomware attack caused a US natural gas compressor facility to shut for two days.
A malicious link was sent by email, which meant hackers were able to gain control of the facility’s information technology system, according to the Department of Homeland Security. The agency didn’t say which facility was targeted, when the attack occurred or who was behind it.
Nathan Brubaker, a senior manager at the cybersecurity firm FireEye Inc, said it appears likely that the attacker explored the facility’s network to “identify critical assets” before executing the ransomware attack.
He said this tactic makes it “possible for the attacker to disable security processes that would normally be enough to detect known ransomware indicators.”
The DHS alert comes amid increased concern about whether aging US energy facilities are equipped to ward off cyber-attacks that could result in power failures and disruptions to oil and natural gas supply. In 2018, several pipeline companies saw their electronic systems for communicating with customers shut down after being targeted by hackers.
Regulators have urged better oversight for pipeline cybersecurity, which is overseen by the Transportation Security Administration. DHS announced in 2018 that it was working with the TSA and the Department of Energy on a pipeline cybersecurity initiative.
The hackers didn’t gain control of the gas compression facility, but the operator decided to perform a controlled shutdown after being unable to read and aggregate real-time operational data from certain devices.
For more information visit www.dhs.gov