Experts Insight On Ransomware Attack Forces U.S. Gas Pipeline To Shut Down

The Cybersecurity and Infrastructure Agency (CISA) responded to a ransomware attack that targeted a U.S. natural gas facility, forcing it to shut down for two days. CISA did not reveal when the incident happened or the identity of the victim organization. 

An employee of the facility clicked on a malicious link from a spear-phishing email, allowing a malicious actor to jump from the gas compression facility’s IT network onto the operational technology (OT) network. The attacker was then able to deploy data-encrypting ransomware on the networks.


EXPERTS COMMENTS
Tal Zamir, Founder and CTO, Hysolate
February 20, 2020
Isolation can be achieved by a strong physical or virtual "air gap".
Organizations that handle critical infrastructure cannot trust OS-based security solutions as these had been proven to fail over and over again, similar to this recent example of ransomware successfully hitting US-based OT networks. Instead, these organizations must apply isolation/segregation approaches both at the network level and at the endpoint level. Isolation can be achieved by a strong phy ....
Nathan Brubaker, Senior Manager, Cyber Physical Team, FireEye
February 20, 2020
While early ransomware campaigns adopting this approach are often considered out of scope for OT security.
It appears in this case that the threat actor carried out some initial intrusion and lateral movement work probably to identify critical assets prior to deploying the ransomware. This is what we call post-compromise ransomware deployment and is what we are seeing as the next trend in ransomware (definitely including critical and industrial sectors)—and interestingly is the topic of one of our pr ....
Dr. Vinay Sridhara, CTO, Balbix
February 20, 2020
The organization also cited ‘gaps in cybersecurity knowledge and the wide range of possible scenarios.’
This is yet another breach where humans are the easiest path to infiltration by attackers. As with other high profile events, this one propagated from a lower value target to an extremely high value target. Starting with a targeted phishing attack, the adversary then pivoted across networks, eventually using commodity ransomware to encrypt critical infrastructure data. Organizations, especially th ....
Max Vetter, Chief Cyber Officer, Immersive Labs
February 20, 2020
The natural gas facility has specifically named a lack of practised cyber skills.
This latest ransomware attack demonstrates the need to ensure both technological and human cyber security capabilities are as strong as they can possibly be. The natural gas facility has specifically named a lack of practised cyber skills as a fundamental cause of the breach, which has led to the pipeline being shut. Security professionals talk a lot about making sure you have bought all the right ....
Saurabh Sharma, VP, Virsec
February 20, 2020
This alert highlights a growing problem across the industrial control space.
This alert highlights a growing problem across the industrial control space. While many organizations operate under the assumption that their ICS systems are isolated, increased connectivity, poor security awareness, and human mistakes continue to expose critical infrastructure to attack. While the effect of these attacks might not be catastrophic, ransomware can cause significant disruption, brin ....
Joseph Carson, Thycotic, Chief Security Scientist
February 20, 2020
A strong incident response plan and business continuity should be a top priority.
Cyber security of critical infrastructure is absolutely crucial, as the consequences of an attack can be severe and widespread with the potential of having a cascading effect on other facilities or suppliers. Cyberattacks against the energy sector can have rippling effects to other critical infrastructure that depends heavily on energy such as hospitals without power, logistics on hold and transpo ....
Stuart Reed, UK Director, Orange Cyberdefense
February 20, 2020
The crux of the matter is that attacks don’t need to be sophisticated to have a significant impact.
A natural gas pipeline having to shut down for two days from a spear-phishing attack is yet another example of the real world implications of cyber on critical national infrastructure. This has knock on effects for customers and partners who rely on that supply to conduct their own business, not to mention putting the gas facility in a difficult position. Above all it shines a light on the importa ....
Andrea Carcano, Co-founder and CPO, Nozomi Networks
February 20, 2020
Overall, industrial organisations need to ensure critical infrastructure resilience.
This is yet another example of the significant rise in the number of cyberattacks to targeted critical infrastructures, and a reminder that the threats are real and need to be addressed. Hackers are learning new tactics and avenues to infiltrate industrial control systems (ICS) like this U.S. natural gas compressor. This attack method accessed the IT network before moving into the OT network, vali ....
Elad Shapira, Head of Research, Panorays
February 20, 2020
Moreover, other facilities needed to halt operations for two days as well because of pipeline transmission dependencies.
This latest cyberattack on a US natural gas compression facility illustrates what can happen when there’s no formal cyber action plan in place. In this case, the facility’s emergency response plan did not even consider cyber incidents, so that employees had no knowledge about how to deal with the attack. Moreover, other facilities needed to halt operations for two days as well because of pipel ....
Peter Goldstein, CTO and Co-founder, Valimail
February 20, 2020
In fact, users in the U.S. open 30% of phishing emails, and 12% of those targeted by these emails click.
Phishing is implicated in more than 90% of all cyberattacks, and this attack on a U.S. natural gas facility shows exactly why: Email is a highly effective attack vector. Many companies invest in security training to prevent these types of cyberattacks, but as a defense, this is not completely reliable. That’s because malicious actors often leverage impersonation and social engineering to appear ....