More cyberattacks on critical infrastructure as IT systems are severely disrupted at several European oil and transport companies
A number of critical industries, including oil suppliers and seaports across Europe, have suffered large-scale cyberattacks.
Port facilities in Belgium, Germany and the Netherlands have been the target of cyberattacks, according to authorities quoted by The Associated Press.
Earlier this week, US Deputy National Security Adviser Anne Neuberger told her European counterparts that Russia could use cyberattacks as part of its destabilization efforts as it considers whether to invade Ukraine.
Critical Industrial Attacks
And a few days ago, computer systems associated with a German fuel supplier’s tank loading/unloading automation were crippled by a cyberattack.
Oiltanking GmbH and the oil supplier Mabanaft GmbH, both subsidiaries of the Marquard & Bahls group, are affected.
Oiltanking GmbH supplies all 1,995 Shell filling stations in Germany, but local authorities have stressed there is no shortage of fuel.
Meanwhile, Shell said it was redirecting oil supplies to other depots.
Reports are now emerging that several oil transport and storage companies in Belgium and the Netherlands are also facing large-scale cyberattacks.
According to the Associated Press, officials say the attacks began several days ago and mainly disrupted operations at oil terminals and ports, preventing tankers from delivering power.
In addition to the cyberattack that hit the port of Hamburg, attacks were also reported at the oil terminals of SEA-Invest in Belgium.
Meanwhile, Evos in the Netherlands told the BBC that IT services at terminals in Terneuzen, Ghent and Malta had “caused delays in execution”.
Belgian authorities have launched an investigation after the disruption of the ports of Ghent and Antwerp-Zeebrugge.
An official at Riverlake, a brokerage firm based in Rotterdam, Europe’s largest cargo port, told The Associated Press that the hack had prevented some oil barges from unloading.
“Several port terminal software has been hacked and they can’t process barges,” broker Jelle Vreeman told AFP, “essentially the operating system is down.”
These attacks echo the devastating May 2021 cyberattack against a major fuel supplier (Colonial Pipeline) in the United States, which caused widespread fuel shortages and panic buying along the US East Coast.
This attack dominated the June 2021 face-off between Biden and Russian President Vladimir Putin.
President Biden has reportedly promised Putin ‘retaliation’ if Russia attacks a list of 16 ‘critical’ facilities in America.
There is no official confirmation yet that these latest attacks are linked to NATO’s tense confrontation with Russia, which has placed 120,000 troops on the Ukrainian border.
Last month, Ukraine suffered a massive cyberattack that affected at least 70 government websites, as well as the embassies of the United States, United Kingdom and Sweden.
Western countries withdrew embassy staff amid invasion concerns.
Last week, GCHQ’s National Cyber Security Center (NCSC) warned UK organizations to take steps to strengthen their cyber security resilience, in response to malicious cyber incidents in and around Ukraine.
Germany got involved in the deal, due to Russia’s controversial Nord Stream 2 gas pipeline which will double Germany’s supply of Russian gas.
The Nord Stream 2 pipeline has therefore become a geopolitical hotspot, with NATO and the West warning that the pipeline will be impacted if Russia goes ahead and invades Ukraine.
But attacks on critical infrastructure have prompted a response from some security experts.
“Critical National Infrastructure (CNI) is becoming an increasingly popular target for malicious actors due to the devastating effects that downtime and delays in this sector can have,” noted Dominic Trott, Chief Product Officer, United Kingdom, at Orange Cyberdefense.
“You only have to look back to last year’s fuel crisis or the attack on the US supplier Colonial Pipeline to see this in action,” Trott said. “In this attack, the impacts have already spread far beyond the three countries where these companies are based, the connected nature of global supply chains, which has also affected ports in Africa and across Europe.”
“With concerns over rising energy prices already adding pressure to the sector, thwarting cyber attacks targeting key infrastructure has never been more critical and the serious consequences of not doing so are profound,” Trott said.
“Organizations responsible for the security of our CNI must ensure that a layered approach to cybersecurity is in place, adopting a defense-in-depth approach that leverages end-to-end security to meet the challenges of the organization (including ensuring operational resilience in the face of a cyber assault),” Trott said.
“Importantly, while defense in depth harnesses the power of security technology across all areas of the solution, it must also be complemented by investments in people and processes to enable protection, detection and around-the-clock threat response,” Trott advised.
The fact that attacks can have immediate real-world impacts was also noted by Trevor Dearing, director of critical infrastructure solutions at data center and cloud security specialist Illumio.
“Ransomware is becoming more sophisticated and attacks more targeted,” Dearing said. “Recently, we’ve seen more attacks against the IT systems of manufacturers, logistics companies, and healthcare organizations that ultimately target the operational side of the business.”
“Unlike a bank or retailer where the target is customer information, these attacks disrupt logistics or the manufacturing process — they can have immediate real-world impacts,” Dearing said.
“Once an attacker gains access to an organization, they will quickly try to infect as many machines as possible using open, unprotected ports and protocols,” Dearing said. “Once the attacker reaches this range, the ransomware explodes and can wreak havoc.”
“Unfortunately, it’s too late to detect an attack at this point, which is why it’s helpful to have proactive protection in place before an attack occurs,” Dearing said. “Restricting the movement of ransomware by closing unused, high-risk ports isolates ransomware and significantly limits the impact of an attack.”
“By adopting a Zero Trust approach and allowing only known, verified communication between environments, security teams will stop an attack on IT systems affecting business or logistics processes,” Dearing said.
“With the shift to Industry 4.0 and the adoption of cloud-connected Industrial IoT, the potential impact of a ransomware attack will only grow,” Dearing concluded. “That’s why it’s important to act now and put in place security measures that will make our infrastructure resistant to attacks, even once they cross our perimeter.”
Last month, the White House ordered all US federal agencies to adopt a “Zero Trust” security model within the next two years.
This came after President Joe Biden signed an executive order in May 2021 to improve the country’s cybersecurity capabilities.