Oiltanking GmbH, a German petrol distributor that supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations.
The attack has also affected Mabanaft GmbH, an oil supplier. Both entities are subsidiaries of the Marquard & Bahls group, which may have been the breach point.
Below are some comments from cybersecurity experts.
<p>Although the company is currently working to determine the exact extent of the attack and minimise the damage, it looks as if it has been the victim of a ransomware attack.</p>
<p>This type of attack on companies uses vulnerabilities in the IT infrastructure as a gateway to first scan the entire company network. Only when sufficient data and information have been compromised by the hackers does the intruder, who has often remained undetected until then, reveal themselves. Then the internal systems are completely hijacked and paralysed by malware. In exchange for money, the affected company is then usually provided with a key to regain control.</p>
<p>But what makes this latest attack so explosive is the fact that hackers specifically targeted a company whose operations are critical to the economic infrastructure – meaning it can impact the entire, complex supply chain.</p>
<p>This type of attack repeatedly highlights how important it is for companies to have an overview of their entire IT environment. After all, with the right tools, an attacker can be found on the network before they make their presence felt using malware. This is where a centrally manageable and automated endpoint management solution is of great benefit, as it allows not only full visibility of all the endpoints, but also full control over them. Vulnerabilities and security gaps can thus be detected quickly and in real time using reliable endpoint data. In this way, the likelihood of a successful cyber-attack can be prevented and its impact significantly minimised. After all, a company can only adequately secure and protect its networks by having an all-encompassing overview.</p>
<p>The oil and gas industry is a high-value and lucrative industry and so naturally one that cybercriminals are keen to target. This attack demonstrates that criminals aren’t slowing down when it comes to targeting critical infrastructure and serves as a reminder that organisations in this sector have a huge responsibility to keep private information secure.</p>
<p>Although the cause of the hack is yet unclear, organisations can limit the impact of these attacks by ensuring they have clearly defined cybersecurity policies and procedures in place. With risky employee IT behaviours frequently causing security compromises, this starts with employee education – which underscores all effective cyber resilience and data protection strategies.</p>
<p>Security awareness training programmes can now inform and test employees on the latest threats in real-time, including information security, social engineering, malware, and industry-specific compliance topics. Along with comprehensive best practice guides, organisations can use these tactics to improve employee vigilance and defend endpoints from attacks in the future.</p>
<p>The BlackCat ransomware and the ALPHV hacker group behind it were practically unknown until the end of 2021, but according to our estimates the group is currently building a franchise model and recruiting members of other groups such as REvil, Blackmatter or Darkside. </p>
<p>BlackCat cleverly allows the attacker to customise the attack to certain employees and choose what to shut down, as well as being able to learn how to move across into other parts of the network. These customisable tactics make it extremely effective in an attack and difficult to shut down. BlackCat operators are known to perform not only the standard encryption technique and data extraction, but also to include the added threat of a DDoS as well.</p>
<p>This extremely sophisticated ransomware attack shows once again how important medium-sized companies can be for critical infrastructure. The fact that the malicious code used has already been known since November makes it clear how much there is still to catch up on in terms of IT security.</p>
<p>Given the potential fragility of the fuel supply chain – as highlighted by recent shortages in the UK – disruptive cyberattacks can cause widespread disruption for consumers and businesses. Although the details and longer-term impact of the attack on Oiltanking and its parent company are unclear, it’s vital that other organisations take effective steps to ensure they aren’t the next victims of a successful breach.</p>
<p>Alongside the use of the latest cyber defence technologies, businesses must also frequently assess the level of risk they face from attacks. For instance, there’s little point in having the latest antivirus updates if your systems aren’t patched regularly or you have misconfigured admin accounts and unsupported software versions. Equally, staff must be trained on what to look out for when it comes to phishing e-mails. </p>
<p>However, securing your own network is only a partial solution if your suppliers aren’t doing the same. As we’ve seen recently in the US and elsewhere, attacks originating from other organisations are becoming more common as are those which might not actually spread, but take a supplier you rely on off-line.</p>
<p>Regularly assessing or monitoring your own, as well as partners’ and suppliers’ cybersecurity practices is critical. With luck the attack on Oiltanking won’t see widespread disruption in Germany, but it must be seen as a wake-up call to organisations that still aren’t 100% confident in their own and their partners’ cyber defences.</p>
<p>It is these types of cyberattacks on supposedly unknown companies that have a major impact on the entire supply chain of a critical infrastructure of a whole country. Cyber attackers are well aware of this and therefore choose targets that are simpler and easier to attack from their perspective. The effect can be the same as an attack on a major brand. This attack is very critical in that the supply chain for fuel, heating, and motor fuels can potentially be compromised. Cyber risks are a serious threat and cannot be neglected.</p>