Computers that control US gas pipelines have been targeted by phishers as of late. The attacks were first noticed in December, and all attacks have been highly sophisticated phishing attempts. Homeland Security has been involved in countering attacks since March but the attempts to hack into the vital systems have not ceased.
“The cyber intrusion involves sophisticated spear-phishing activities targeting personnel within the private companies. DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats,” said Peter Boogaard, DHS spokesman. There has been no reported headway in identifying who is attempting to take over the pipeline companies.
Most natural gas pipelines are experiencing this type of attack in the US. Jesse Hurley, the man in charge of the North American Energy Standards Board and also CEO of Shift Systems believes that the attacks are “unprecedented”. The DHS is leaving some of the malware placed in the network alone so they can see what it does and form a better counter plan to protect the pipeline networks. However, all malware that’s deemed vicious is immediately removed.
The biggest concern at this time is a hacker tricking a vital employee into giving them valuable data via malicious link or download. This kind of scenario may originally seem a little farfetched, but just a few years ago, a malware called “Stuxnet” disabled Iran’s Natanz nuclear plant for several days. The malware was reported to have been carried into the building via thumb drive by a double agent that also worked for Israel.
Some hope all of the attacks on US pipeline companies are spurring standards in the gas pipeline industry. Currently, there are no standards whatsoever to protect these vital systems.
Hacking and phishing attempts can happen to anyone, so it’s important to be prepared. Consider updating your current security system and, if you don’t have one, bring in a dependable third party to guarantee your network is safe.