The Department of Homeland Security (DHS) revealed that an American natural gas facility was prompted to halt operations for two days after discovering it was infected with a commodity ransomware.
The attacker targeted the unnamed US gas pipeline using a spear-phishing email. According to the DHS Cybersecurity and Infrastructure Security Agency (CISA) technical alert, the intruder accessed its IT then pivoted to its OT network. It was unnamed ransomware described as a ’commodity’ type meant for infecting Windows systems.
For this reason, it wasn’t able to affect any programmable logic controllers (PLCs) that are directly responsible for reading and manipulating any physical processes. But the ransomware compromised human machine interfaces (HMIs), polling servers and data historians on the OT network.
The organization that fell victim was not appropriately prepared for such an attack. That is quite a worrying sign trend showing essential infrastructure providers advanced their threat modeling taking into account modern black hat methods.
To be specific, the organization did not implement robust segmentation between the OT and IT networks, which allows the hacker an opportunity to infect both of them. It didn’t have a cyber-risk built into the emergency response plan, which focuses only on physical safety threats.
Employees were also not provided with emergency response exercises to make cyber-attack decisions effectively. There were cybersecurity knowledge gaps not adequately incorporated into emergency response planning.
Understandably, most web users may not be conversant with all the tricks and tips of maintaining the integrity of their data while on the web. Cybersecurity has never been so crucial as in the modern society of today. So is the best course of action to take? Hook Security's Phishing Testing & Cyber Security Awareness Training can help coach you, your business and workforce mitigate the risk of liability.