AskCyberSecurity.com

DHS Warns Critical Industries After Ransomware Hits Gas Pipeline Facility

2020-02-19 by Michelle Dvorak

Ransomware Hits Gas Pipeline Facility – DHS Warns Critical Industries to Plan and Prepare for Cyberattacks

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to help system administrators prepare for and defend against malware attacks targeting critical industries. The facility suffered a loss of productivity but fortunately did not lose control of facility operations. The company’s operations were disrupted at one gas facility as a direct result of the cyberattack. Their gas compression facilities in other geographical locations were not impacted by the ransomware but had to halt operations because of pipeline transmission dependencies. This resulted in an operational shutdown of the entire pipeline asset lasting approximately two days.

The ransomware was delivered to an unnamed gas compression facility via spear phishing, which gave the attacker access to the company’s IT network. That access was then used to compromise the company's operational technology (OT) network. An operational technology network monitors and controls industrial equipment and processes like those used in critical infrastructure. Ransomware was deployed on the OT network to encrypt data and interrupt the availability of systems. Windows-based machines on both the IT and OT networks were compromised.

CISA provided the alert to help system administrators guard against malware attacks after a ransomware attack caused an oil pipeline facility to shut down for two days while the cyberattack was mitigated and computer systems were restored. Although malware can attack, and has attacked, all types of businesses, cyberattacks on critical industries can have the most crippling effect. The critical industries, or critical infrastructure sectors, defined by Presidential Policy Directive 21 are the Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Bases, Emergency Services, Energy, Financial Services, Food and Agriculture, Government Facilities, Healthcare and Public Health, Information Technology, Nuclear Reactors, Materials, Waste, Transportation, and Water and Wastewater systems.

Operations were shut down for about two days while the networks were cleaned and recovered.

Preparing for Cyberattacks

The target of this ransomware attack had an existing emergency response plan, but it did not focus on cyberattacks as a possible scenario.

  • Require multi-factor authentication for remote access to the OT and IT networks from external sources
  • Implement regular Data Backup procedures
  • Restrict user account access to a level of permission
  • Schedule regular backups of critical data
  • Use reliable antivirus software to protect computers from visiting malicious websites and to detect phishing emails
  • Train employees on how to spot phishing emails and recognize spoof websites
  • Disable macro scripts from Microsoft Office files sent as email attachments

All computers, laptops, and smartphones should be kept up to date with the latest security patches for their operating systems and all installed apps. Users should avoid connecting to any personal or work accounts over public WiFi connections. Use a virtual private network (VPN) to encrypt data, emails, and activity from mobile devices. In January 2020 Microsoft stopped supporting Windows 7 computers in favor of its Windows 10 operating system. Laptops and computers that were running Windows 7 are older and do not have features like facial recognition and fingerprint scanning. Upgrading to a new computer or getting a new phone can provide extra layers of security for two-factor authentication.

What is Spear Phishing?

Spear phishing is a type of email that is used to initiate cyberattacks, deliver malware, steal money, or collect more information from a specific target or targets. While phishing emails accomplish similar attacks, the hacker sending the spear phishing email already knows some information about the recipients. That information is used to personalize the email and make it seem familiar to the recipient. Personal information about spear phishing targets is often taken from social media accounts and corporate websites. Addressing the email recipient with topics, names, and requests that are relevant to their workplace makes the malicious emails more believable to the reader and makes it more likely that the user will follow the instructions contained in the message. For example, human resources personnel may be targeted with requests for tax information or direct deposit changes. Employees who deal with accounts payable may be tricked into wiring money to an account under a hacker’s control.

In January, CISA issued a bulletin warning the public about an increase in attacks by Emotet, a banking Trojan which spreads via malicious email attachments.

Over 1,000 schools in the United States were impacted by successful ransomware attacks. The city of Baltimore, Maryland has been successfully attacked twice. Three cities in Florida and the City of New Orleans were crippled by attacks in 2019.

Last week, CISA released a Malware Analysis Report about a North Korean malware known as HOPLIGHT. That malware first appeared in November 2019 and is believed to be the work of an advanced persistent threat group known as Hidden Cobra. Early in January 2020, the United States assassinated Iranian Revolutionary Guards Corps Quds Force commander Qasem Soleimani in Baghdad. System administrators prepared for an onslaught of cyberattacks, and in the following weeks cyberattack attempts against the United States tripled. Previous Iranian attacks targeted the Navy Marine Corps Intranet. Hackers successfully breached the control system of a dam in Rye, New York, in 2013. Two years later, in a separate malware cyberattack, hackers infected 35,000 office computers owned by Saudi Aramco with malware.

Filed Under: Malware

About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

