German fuel giant Oiltanking has suffered a cyber attack that has forced IT systems offline. While the origins of the attack are not clear, the incident comes soon after the BfV, Germany's domestic intelligence service, warned last week of ongoing attacks coordinated by APT27.
Attacks on critical infrastructure have become more frequent in the last few years. APTs and organized ransomware gangs see critical infrastructure as valuable and 'easier' targets, not only because such organizations typically run legacy technology, but also because they are typically more willing to cooperate with ransoms and demands due to the critical services they supply.
Nick Tausek, Security Automation Architect at Swimlane, shared his perspective on this news and what organizations can do to mitigate their risk of becoming a victim:
"This cyber attack comes as no surprise after the BfV German domestic intelligence service warned last week of ongoing attacks coordinated by APT27, a Chinese-backed hacking group. While it hasn’t been confirmed that APT27 is behind the attack on Oiltanking, this cyberattack could very well be the work of a state actor looking to cause disruption and economic damage. When it comes to situations like these, it is important to understand that a targeted attack on a single critical infrastructure entity can lead to mass-scale supply chain issues. Although it has been said that fuel supply is not in jeopardy in this case, IT systems responsible for tank loading and unloading processes that cannot be done manually have been forced offline for the time being, disrupting the flow of routine processes.
To avoid economic disruption and mitigate potential supply chain issues, critical infrastructure sectors must make sure that best cybersecurity practices remain top-of-mind. This includes implementing multi-faceted cybersecurity systems that automate detection, response and investigation protocols and allow for complete visibility into IT ecosystems with the ability to comprehend and thwart malicious threats in real time, before cybercriminals are able to take over. By automating and centralizing security processes using low-code automation, IT teams are granted full monitoring capabilities, ultimately ensuring that critical day-to-day processes remain undisturbed."