The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently highlighted a ransomware impacting pipeline operations. We wanted to bring this to your attention, as this type of attack could affect your business, as well.
This incident, which happened at a natural gas compression facility, was caused due to poor “Security Awareness Training.” The threat actor used a Spearphishing Link to gain access to the organization’s infrastructure and deploy ransomware to encrypt data in the organization’s operational technology network. The end result was a partial Loss of View for the human operators.
Though the organization had network segmentation implemented, it was either not robust enough or not implemented correctly because the threat actor was able to pivot to the control network and deploy the ransomware. Had this actor been more interested in control systems or inflicting damage as opposed to collecting a ransom, this would have been much worse—just think of what they could have done on the control network in your environment.
It’s also worth noting that the organization’s emergency response plan (ERP) did not specifically consider cyberattacks. All businesses would be well served to take a moment to review their ERP and verify they have a plan in place for a cyberattack.
Lastly, if you are not already receiving the US Department of Homeland Security’s “National Cyber Awareness System” alerts, we strongly encourage you to take a moment to sign up. This is an excellent free resource to keep you abreast of current threats that are actively being seen around the world.