Many natural gas pipeline operators in the U.S. Gas affected by cyberattack
5.4.2018 securityaffairs ICS
Natural gas pipeline operators in the United States have been affected by a cyber attack that hit a third-party communications system.
The hackers targeted the Latitude Technologies unit at the Energy Services Group, but the attack did not impact operational technology.
At least four US pipeline operators were affected by the attack on their electronic systems, the Energy Transfer Partners was the first company that reported problems with its Electronic Data Interchange (EDI) system.
The Electronic Data Interchange platform used by businesses to exchange sensitive documents, including invoices and purchase orders.
Latitude currently provides EDI services to more than 100 natural gas pipeline firms, storage facilities, utilities, law firms, and energy marketers across the US. The companies in the energy industry use it to manage key energy transactions.
According to a report published by Bloomberg, the attack against Latitude affected Boardwalk Pipeline Partners, Chesapeake Utilities Corp.’s Eastern Shore Natural Gas, and ONEOK, Inc.
“We do not believe any customer data was compromised,” Latitude Technologies unit of Energy Services Group told Bloomberg.
“We are investigating the re-establishment of this data,” Latitude said in a message to customers.”
The Department of Homeland Security is investigating the incident, at the time of writing there are no details about the cyber attack.
On Tuesday, Latitude notified its customers that the restoration of EDI services had been completed.
“Monday 4/3/2018 7:49am We have completed the initial restoration of the system. We are now working towards increasing performance. While we believe things to be fully restored, we will continue to monitor for gaps in functionality.” states the advisory published by Latitude Technologies.
“Please notify us if you encounter any missing capabilities so we can address them ASAP. Please contact us with any questions at 972-519-5451. Thank you for your patience. Please check this web site for continuing updates”
Who is behind the attack?
At the time it is impossible to determine the nature of the attackers, financially motivated cybercrime gangs could be interested in stealing sensitive information and use them to blackmail firms. It is likely that crooks targeted the natural gas pipeline operators for extortion purposes.
Another scenario sees nation-state actors targeting critical infrastructure, in this case, EDI services are a mine of information for hackers that could use them to launch further attacks.
In October 2017, the US Department of Homeland Security (DHS) and the FBI have issued a warning that APT groups are actively targeting government departments, and firms working in the energy, nuclear, water, aviation, and critical manufacturing sectors.
“This isn’t the first time U.S. pipelines have been targeted. In 2012, a federal cyber response team said in a note that it had identified a number of “cyber intrusions” targeting natural gas pipeline sector companies.” concluded Bloomberg.
“The group, the Industrial Control Systems Cyber Emergency Response Team, is a division of Homeland Security.”