Back to Blog

Ransomware Attack Shuts Down US Gas Pipeline

Parker Byrd

The Department of Homeland Security (DHS) revealed that an American natural gas facility was prompted to halt operations for two days after discovering it was infected with a commodity ransomware.

The attacker targeted the unnamed US gas pipeline using a spear-phishing email. According to the DHS Cybersecurity and Infrastructure Security Agency (CISA) technical alert, the intruder accessed its IT then pivoted to its OT network. It was unnamed ransomware described as a ’commodity’  type meant for infecting Windows systems.

For this reason, it wasn’t able to affect any programmable logic controllers (PLCs) that are directly responsible for reading and manipulating any physical processes. But the ransomware compromised human machine interfaces (HMIs), polling servers and data historians on the OT network.

The organization that fell victim was not appropriately prepared for such an attack. That is quite a worrying sign trend showing essential infrastructure providers advanced their threat modeling taking into account modern black hat methods.

To be specific, the organization did not implement robust segmentation between the OT and IT networks, which allows the hacker an opportunity to infect both of them. It didn’t have a cyber-risk built into the emergency response plan, which focuses only on physical safety threats.

Employees were also not provided with emergency response exercises to make cyber-attack decisions effectively. There were cybersecurity knowledge gaps not adequately incorporated into emergency response planning.

Understandably, most web users may not be conversant with all the tricks and tips of maintaining the integrity of their data while on the web. Cybersecurity has never been so crucial as in the modern society of today. So is the best course of action to take? Hook Security's Phishing Testing & Cyber Security Awareness Training can help coach you, your business and workforce mitigate the risk of liability.


Share on social media: 

More from the Blog

Introducing Hook Heroes!

‍The Hook Security Team is excited to announce that you can now become a Hook Hero. Simply put, you can now get rewarded for sharing the love for and referring your friends to Hook Security!

Read Story

How to Set up a Training Campaign

In this video, we will review how to set up a training campaign. From picking out a template to sending it out in the Campaign Wizard, you’ll have the tools you need! ‍

Read Story

Why Security Awareness Doesn't Work Without Executive Buy-in

One of the most common challenges that organizations face when trying to implement security awareness training is getting executive buy-in. without the support of executives, security awareness programs can quickly become ineffective and compliance-focused rather than user-centric. In this blog post, we will examine some of the reasons why security awareness training requires executive buy-in and provide tips on how to get your executives on board.

Read Story

Never miss a post.

Enter your email below to be added to our blog newsletter and stay informed, educated, and entertained!
We will never share your email address with third parties.