
Ransomware attack forces 2-day shutdown of natural gas pipeline



The Department of Homeland Security (DHS) said on Tuesday that an infection by an unidentified ransomware strain forced the shutdown of a natural-gas pipeline for two days.
Fortunately, nothing blew up. The attacker never got control of the facility’s operations, the human-machine interfaces (HMIs) that read and control the facility’s operations were successfully yanked offline, and a geographically separate central control site was able to keep an eye on operations, though it wasn’t instrumental in controlling them.
Where this all went down is a mystery.
The alert, issued by DHS’s Cybersecurity and Infrastructure Security Agency (CISA), didn’t say where the affected natural gas compression facility is located. It instead stuck to summarizing the attack and provided technical guidance for other critical infrastructure operators so they can gird themselves against similar attacks.
The alert did get fairly specific with the infection vector, though: whoever the attacker was, they launched a successful spearphishing attack, which enabled them to gain initial access to the facility’s IT network before pivoting to its operational technology (OT) network.
OT networks are where hardware and software for monitoring and/or controlling physical devices, processes and events reside. Some examples are SCADA industrial control systems, programmable logic controllers (PLCs), and HMIs.
After the attacker(s) got their hands on both the IT and OT networks, they deployed what CISA called “commodity” ransomware, encrypting data on both networks. Staff lost access to HMIs, data historians and polling servers. Data historians – sometimes referred to as process or operational historians – are used in several industries, and they do what you might expect: record and retrieve production and process data by time and store the information in a time series database.
Although operators partially lost their view of some low-level OT devices, the attack didn’t affect the PLCs, and hence the facility never lost control of operations.
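An added example (not from the CISA alert or this article) of the kind of check an operator can run to catch the IT-to-OT pivot described above: it reads constructed zone-firewall log lines, classifies each endpoint into an assumed IT or OT address range, and flags allowed connections that cross from IT into the OT zone toward HMIs, historians or PLCs. The address ranges, port-to-asset hints and log lines are all constructed for illustration.

```python
import ipaddress
# Constructed zone definitions (assumption): address ranges for the IT and OT networks.
ZONES = {
    "IT": [ipaddress.ip_network("10.10.0.0/16")],
    "OT": [ipaddress.ip_network("10.200.0.0/16")],
}
# Constructed port-to-asset hints for the OT assets the alert names (HMIs, historians, PLCs).
OT_SERVICES = {
    3389: "RDP to HMI / engineering workstation",
    445: "SMB file share (historian or polling server)",
    1433: "MSSQL (data historian database)",
    502: "Modbus/TCP to PLC",
}

def zone_of(ip):
    """Map an address to the zone whose ranges contain it, or UNKNOWN."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return "UNKNOWN"

def parse_line(line):
    """Parse a constructed firewall line: '<ts> src=<ip> dst=<ip> dport=<n> action=<allow|deny>'."""
    ts, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return {"ts": ts, "src": fields["src"], "dst": fields["dst"],
            "dport": int(fields["dport"]), "action": fields["action"]}

def find_it_to_ot(lines):
    """Return allowed flows that cross from the IT zone into the OT zone (the pivot path)."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec["action"] != "allow":
            continue  # a denied flow means segmentation held; only allowed crossings matter
        if zone_of(rec["src"]) == "IT" and zone_of(rec["dst"]) == "OT":
            rec["service"] = OT_SERVICES.get(rec["dport"], "other OT service")
            findings.append(rec)
    return findings

# Constructed sample log: one IT workstation reaching an HMI and a file server in the OT zone.
SAMPLE_LOG = [
    "T+00:00 src=10.10.5.23 dst=10.10.7.8 dport=445 action=allow",     # IT to IT: normal
    "T+02:43 src=10.10.5.23 dst=10.200.1.10 dport=3389 action=allow",  # IT to OT HMI: flag
    "T+03:01 src=10.10.5.23 dst=10.200.1.20 dport=445 action=allow",   # IT to OT share: flag
    "T+03:29 src=10.200.1.10 dst=10.200.1.50 dport=502 action=allow",  # OT to OT: normal
    "T+04:10 src=10.10.5.23 dst=10.200.1.30 dport=1433 action=deny",   # blocked: not a crossing
]
```

Calling find_it_to_ot(SAMPLE_LOG) returns the two flagged IT-to-OT flows; in practice the same logic would run over the real zone boundary firewall's export, with the zone ranges taken from the site's own network design.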
