An unspecified American natural gas energy plant was hit by a ransomware attack that caused a temporary two-day shutdown of its operations and resource pipeline. The attack disabled the reporting functionality that provides real-time operational feedback to technicians, yet there were no impacts that gave the threat actors the ability to control or manipulate operations.
The U.S. Department of Homeland Security publicly alerted owners of similar infrastructure assets to apply the security measures associated with this incident.
Ransomware Injected by Spear Phishing
The infection was introduced through spear phishing, which gave the attackers access to the facility's information technology (IT) network. The report specifies that the victim's lack of internal network segmentation allowed the ransomware to reach the operational technology (OT) network layer, causing a Loss of Availability impact on human machine interfaces (HMIs), data historians, and polling servers.
While the attack was conducted against a single control facility, the impact affected the entire pipeline due to transmission dependencies. The event was considered less severe, leading to a linear shutdown process. The damaged assets were replaced and data was recovered from the latest backup. The mitigation report further advised other facilities to maintain their backup procedures on a regular basis, as well as to improve their network structure to prepare for similar attacks.