European Oil And Port Facilities Suffer Cyberattacks

An oil tanker

More cyberattacks on critical infrastructure, as IT systems are severely disrupted at several European oil and transport companies

A number of critical industries including oil suppliers and shipping ports across Europe have suffered large-scale cyberattacks.

Port facilities in Belgium, Germany, and the Netherlands have been targeted by cyberattacks, authorities have been quoted as saying by the Associated Press.

Earlier this week US deputy national security advisor Anne Neuberger, told her European counterparts that Russia could use cyberattacks as part of its efforts to destabilise as it mulls whether to invade Ukraine.

Critical industry attacks

And days a few days ago the IT systems associated with the automation of tank loading/unloading of a German fuel supplier was crippled by a cyberattack.

Oiltanking GmbH and Mabanaft GmbH, an oil supplier, were impacted, both of whom are subsidiaries of the Marquard & Bahls group.

Oiltanking GmbH supplies the 1,995 Shell gas stations in Germany, but local officials have stressed there are no fuel shortages.

Shell meanwhile said it was re-routing oil supplies to other depots.

Now reports are emerging that multiple oil transport and storage companies in Belgium and the Netherlands are also dealing with large-scale cyberattacks.

According to the Associated Press, officials say the attacks began several days ago and has primarily disrupted operations at oil terminals and ports, preventing tankers from delivering energy supplies.

Besides the cyberattack hitting the port of Hamburg, attacks have also been reported on at SEA-Invest oil terminals in Belgium.

Meanwhile Evos in the Netherlands told the BBC that IT services at terminals in Terneuzen, Ghent and Malta have “caused some delays in execution”.

Belgian authorities have launched an investigation after ports in Ghent and Antwerp-Zeebrugge were disrupted.

An official from the Rotterdam-based brokerage firm Riverlake – Europe’s largest cargo port – told the Associated Press that the hack had prevented some oil barges from unloading.

“The software of several port terminals has been hacked and they can’t process barges,” broker Jelle Vreeman told AFP, “basically, the operating system is down.”

Geopolitical moves

These attacks echo the devastating cyberattack on May 2021 on a major fuel supplier (Colonial Pipeline) in the United States, which caused widespread fuel shortages and panic buying along the US east coast.

That attack dominated the face-to-face meeting in June 2021 between Biden and Russia’s President Vladimir Putin.

President Biden reportedly promised Putin ‘retaliation’ if Russia attacks a list of 16 ‘critical’ facilities in America.

There is no official confirmation yet that these latest attacks are linked to NATO’s tense stand-off with Russia, which has placed 120,000 troops on the Ukraine border.

Last month Ukraine suffered a massive cyberattack that impacted at least 70 government websites, as well as the US, UK and Swedish embassies.

Western countries have withdraw embassy staff amid invasion concerns.

Last week the GCHQ’s National Cyber Security Centre (NCSC) warned British organisations to take action to bolster their cyber security resilience, in response to the malicious cyber incidents in and around Ukraine.

Germany has become involved in the matter, due to Russia’s controversial Nord Stream 2 gas pipeline that will double Russian gas supplies to Germany.

The Nord Stream 2 gas pipeline has therefore become a geopolitical point, with NATO and the West warning the pipeline will be impacted if Russia goes ahead and invades Ukraine.

Industry reaction

But the attacks on critical infrastructure has prompted a response from some security experts.

“Critical national infrastructure (CNI) is becoming an increasingly popular target for malicious actors due to the devastating impacts downtime and delays in this sector can have,” noted Dominic Trott, UK product manager at Orange Cyberdefense.

“You only have to look back at last year’s fuel crisis or the attack on US supplier Colonial Pipeline to see this in action,” said Trott. “In this attack, the impacts have already spread far further than the three countries where these businesses are based, with the connected nature of the global supply chains resulting in ports in Africa and across Europe more widely also being affected.”

“With concerns about rising energy prices already adding strain to the sector, thwarting cyber-attacks targeting key infrastructure has never been more critical and the severe consequences of failing to do so are profound,” said Trott.

“Organisations responsible for the security of our CNI need to ensure that a layered approach to cybersecurity is in place, adopting a defence-in-depth approach that harnesses end-to-end security to address the organisation’s challenges (not least ensuring operational resilience in the face of a cyber-onslaught),” said Trott.

“Importantly, while defence-in-depth harnesses the power of security technology across all solution areas, it must also be supplemented by investment in both people and process to enable round-the-clock threat protection, detection and response,” Trott advised.

Real world impact

The fact that attacks can have immediate real-world impacts has also noted by Trevor Dearing, director of critical infrastructure solutions at data centre and cloud security specialist Illumio.

“Ransomware is becoming more sophisticated and attacks more targeted,” said Dearing. “Recently, we’ve seen more attacks on the IT systems of manufacturers, logistics companies and healthcare organisations that ultimately target the operational part of the business.”

“Unlike a bank or retailer where the target is customer information, these attacks disrupt the logistics or manufacturing process – they can have immediate real-world impacts,” said Dearing.

“Once an attacker gains access to an organisation, they will quickly try to infect as many machines as possible using open and unprotected ports and protocols,” said Dearing. “After the attacker has achieved this reach, the ransomware will detonate and can cause havoc.”

“Unfortunately, detecting an attack at this point is too late, which is why it’s helpful to put in protection proactively before an attack,” said Dearing. “Restricting the movement of ransomware by closing down unused and high-risk ports isolates ransomware and drastically limits the impact of an attack.”

“By taking a Zero Trust approach and only allowing known and verified communication between environments, security teams will stop an attack on the IT systems affecting the management or logistics processes,” said Dearing.

“With the move to industry 4.0 and the adoption of cloud connected Industrial IoT, the potential impact of a ransomware attack will only continue to grow,” Dearing concluded. “That’s why it is important to act now and put security measures in place that will make our infrastructure resilient to attacks – even once they’ve breached our perimeter.”

Last month the White House ordered all US federal agencies to adopt a ‘Zero Trust’ security model within the next two years.

It came after President Joe Biden signed an executive order in May 2021 to improve the nation’s cybersecurity capabilities.