US Gas Pipeline Companies Currently Under Major Cyber Attack

Natural gas pipeline companies are currently facing a major targeted phishing attack from a single source, according to the Christian Science Monitor. The attacks, which seem to have begun in December 2011, have caused the DHS to release three amber alerts and the ICS-CERT team to release an incident response report on Friday:

“That fact was reaffirmed late Friday in a public, albeit less detailed, “incident response” report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an arm of DHS based in Idaho Falls. It reiterated warnings in the earlier confidential alerts made directly to pipeline companies and some power companies.”

The incident response report explained that an analysis of the attacks shows that the attacker was using a “spear-phishing” technique:

“Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source. It goes on to broadly describe a sophisticated “spear-phishing” campaign – an approach in which cyber attackers attempt to establish digital beachheads within corporate networks.”

Natural gas companies in the US and Canada seem to be the focus of the attacker and, according to the article, some of the intrusion attempts may have been successful:

Multiple natural gas pipeline organizations have reported either attempts or intrusions related to this campaign.

Spear-phishing is an attack where the attacker researches certain individuals at a company using both online public and private resources. Public corporate news is analyzed, as well as individuals’ social media sites, like Facebook and LinkedIn. The information gained is then used in a social engineering attack, usually a specially crafted e-mail that contains malicious links or attachments.

When the target runs the attachment or clicks on the link, the attacker can obtain remote access to the target’s computer or harvest credentials or other pertinent information.

It is too early to tell who is responsible for these intrusions, but with the current concern over SCADA and public infrastructure attacks, it will be interesting to see which country or entity is behind this attack.

~ by D. Dieterle on May 6, 2012.

One Response to “US Gas Pipeline Companies Currently Under Major Cyber Attack”

  1. As a recognized business/tech expert in network security, I suggest that you look @ the real problem….. The Genie has been out of the bottle on S/W only security solutions for over 35 years. However, “ZERO Science” as their foundation and it is cheap. As you point out, competition & American engineering and redundancy will take care of the “UP Time” stats. Flame and Stuxnet viruses are the new weapons and it’s only time before the cyber hackers chime in.

    NSA has published the “Rainbow Books” Standards (suggest googling them), specifically the “Red & Orange” books, but up to now the industry balked at the cost of these Multi-level OS H.W & S/W systems that actually “work”. Even DOD can only afford them for their most critical systems.

    OK, do we continue to stick our heads in the sand or solve the problem? Well we did!!! and the solution now exists in silicon and having been demoed to US Government high security assurance experts.

    If you care to consider breaking this OEM’s business/science contribution, let’s talk about a First Rights Exclusive Scoop for you and WSJ. Our company promotion story is not what we desire, only that the fact that we have a viable commercial solution coupled with four major broad based current patents.

    Our goal is to initially license all US Only H/W & S/W OEMS, Defence Contractors and large VARS and supply the chipsets (domestic OEM) and silicon block Multi Level Systems.

    Feel free to discuss our solution on a no names basis with Yahoo, or others. As time is of an essence, let me know promptly if you are interested. As for the WSJ’s due diligence even with other outside US security experts, there is still sufficient time.
    Robert S. Pollock, President/CEO
    Continuum Partners Inc.
    Suite 204
    20 East 68th. Street
    New York, NY 10065
    (O/M) 917-497-5523
    (Fax) 212-288-2763
    ContinuumP@gmail.com
