Two-Day Shutdown of U.S. Gas Pipeline, Compliments of Ransomware

    Many people believe that cybersecurity training and
awareness aren’t important in their jobs, especially if their role isn’t
technical. However, social engineering has led to the human element being the
weakest link in the cybersecurity chain, and attackers can be very resourceful
and clever in their attempts. A recent attack on a U.S. natural gas compression
facility shows just how important this awareness can be.

    The Cybersecurity and Infrastructure Security Agency
(CISA) issued an alert this week stating that attackers had compromised the IT
and Operational Technology (OT) networks of a natural gas compression facility.
They deployed ransomware that encrypted data on both networks, causing a Loss
of View event affecting Human Machine Interfaces (HMIs), data historians, and
polling servers. Human operators could no longer monitor the status of
operations, which led the company to enact an operational shutdown of the
entire pipeline for 2 days while parts were replaced and backups were restored.

    The attack did not result in any operational loss of control, however.
The attackers didn’t get into the network through some
zero-day vulnerability or magical hacking skills: they used a spear-phishing
campaign to get an employee to click a malicious link. The link allowed them
access to the IT network, where they were able to pivot into ICS machines due to
a lack of segregation between the corporate business network and the operations
network. The ransomware only affected Windows-based systems and not
Programmable Logic Controllers (PLCs).

    CISA recommends that asset owners ensure IT and OT
networks are segregated and provide logical zones within them to help stop
lateral movement. It also recommends multi-factor authentication for remote
access to operations networks and a robust backup system. Another failing point
in this attack was the lack of preparedness in the emergency response plan for
cyberattacks: it only addressed physical safety threats.
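
    One way an asset owner could check the segregation recommendation against a firewall rule set is sketched below. This is an added example, not code from CISA or from the affected facility; the zone names, address ranges, rule names and ports are all constructed for illustration, and it assumes IT and OT may only communicate through a DMZ.

```python
import ipaddress

# Constructed zone model (assumption): the address ranges are illustrative only.
ZONES = {
    "IT":  [ipaddress.ip_network("10.10.0.0/16")],
    "DMZ": [ipaddress.ip_network("10.20.0.0/24")],
    "OT":  [ipaddress.ip_network("10.30.0.0/16")],
}
# Assumed policy: IT and OT only ever talk through the DMZ, never directly.
ALLOWED_CONDUITS = {("IT", "DMZ"), ("DMZ", "IT"), ("DMZ", "OT"), ("OT", "DMZ")}

# Constructed firewall rules: (name, action, source CIDR, destination CIDR, port)
RULES = [
    ("it-to-historian-replica", "allow", "10.10.0.0/16", "10.20.0.10/32", 443),
    ("dmz-to-historian", "allow", "10.20.0.10/32", "10.30.5.20/32", 5450),
    ("legacy-hmi-rdp", "allow", "10.10.4.0/24", "10.30.5.0/24", 3389),
    ("any-any-temp", "allow", "0.0.0.0/0", "10.30.0.0/16", 445),
    ("block-it-ot", "deny", "10.10.0.0/16", "10.30.0.0/16", 0),
]

def zones_touched(cidr):
    """Return every zone the CIDR overlaps, plus UNZONED if it extends
    beyond any single defined zone network (e.g. 0.0.0.0/0)."""
    net = ipaddress.ip_network(cidr)
    all_nets = [(zone, n) for zone, nets in ZONES.items() for n in nets]
    touched = {zone for zone, n in all_nets if net.overlaps(n)}
    if not any(net.subnet_of(n) for _, n in all_nets):
        touched.add("UNZONED")
    return touched

def audit(rules):
    """List (rule, src zone, dst zone) for allow rules that cross zones
    outside an approved conduit. Rule order and shadowing are not modelled."""
    findings = []
    for name, action, src, dst, _port in rules:
        if action != "allow":
            continue
        for s in sorted(zones_touched(src)):
            for d in sorted(zones_touched(dst)):
                if s != d and (s, d) not in ALLOWED_CONDUITS:
                    findings.append((name, s, d))
    return findings

if __name__ == "__main__":
    for rule, s, d in audit(RULES):
        print(f"{rule}: {s} -> {d} bypasses the DMZ")
```

    Each finding names a rule that lets traffic reach the operations network without passing through the DMZ, which is the kind of path that allowed the pivot from the IT network to ICS machines described above.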

    User training and cybersecurity awareness can go a long
way in helping to prevent attacks like these. Humans may always be the weak
link in cybersecurity, and it requires effort on the part of everyone in an
organization to help protect it, no matter what their role may be.

Sources