In a worrying trend, oil facilities in Germany, Belgium and the Netherlands have all recently been targeted by cyber-attacks.
The attack on German oil, vehicle fuel and petroleum products company Oiltanking Deutschland GmbH & Co. KG happened just over a week ago. Some reports have suggested that the company’s systems were hit by ransomware, thereby seriously limiting capacity. Also, the German oil company ‘Mabanaft’ was the victim of an attack on its production systems.
In Belgium too, the day before the German attack, SEA-Invest terminals, including the company’s largest in Antwerp (called SEA-Tank), were hit by a cyber-attack. The attack also affected every European port run by SEA-Invest, as well as ports in Africa.
In the Netherlands, gas and oil storage company Evos was also targeted, resulting in the IT services at its Terneuzen terminal being disrupted, causing delays in operations.
Attacks on oil companies can be extremely disruptive and costly. For example, American oil pipeline company Colonial Pipeline Co. was hit by a ransomware attack last April that resulted in Colonial paying hackers a $4.4 million ransom. The hackers are believed to have been affiliates of the Russia-linked cybercrime group ‘DarkSide’, who also stole nearly 100 gigabytes of data in the attack.
Investigations revealed that the attackers gained access using the login details of a VPN account that were part of a batch of leaked passwords on the dark web. The account didn’t use multifactor authentication, which meant that the hackers could breach the network using just a compromised username and password!
It’s estimated that it typically costs between 650,000 and 1.5+ million euros for organisations, such as oil companies, to recover from a big ransomware attack.
Linked / Coincidence?
Although it has not yet been conclusively proven who was behind the attacks, or whether they were linked, some commentators have noted that the timing, with Russia threatening to close its oil pipelines to Europe over the crisis in Ukraine, may be more than a coincidence. Some have also noted that with Germany being a major European consumer of Russian fuel, an attack of this kind could act as a way to pressure Germany.
What Does This Mean For Your Business?
The situation between Russia and Ukraine led to warnings last week that US and European businesses needed to prepare themselves for possible Russian-based cyber-attacks. Russia currently supplies around 35 percent of the European Union’s natural gas (with Germany buying the most) and exports most of its crude oil to Europe. It is perhaps not surprising, therefore, that coupled with the threat of shutting off the gas pipeline, Russia could (if it was behind the attacks) apply more pressure and create huge disruption to multiple businesses along many supply chains in many different countries.
One important thing about these and similar attacks (e.g., the Colonial Pipeline Co. attack) is that it can take something as small as one set of stolen login details (and no 2FA) and/or an old account that hasn’t been shut down to cause untold damage to a business of any size. A chain is only as strong as its weakest link and, with more attacks likely, now would be a good time for businesses and organisations to tighten up on basic security measures and remind staff of the threats and the best practice (policy) for dealing with them, e.g., having strong passwords that are changed regularly, not sharing passwords and ensuring nobody clicks on unknown links in emails, to name but a few.