Behind the Hack: "Oiltanking"

Companies: Oiltanking and Mabanaft
Industry: Petroleum, critical infrastructure
Date of attack: February 1, 2022
 
Quick take: On Tuesday, two German petroleum logistics companies were targeted by a cyberattack that disrupted operations and forced partners such as Shell to redirect oil supplies. While information is still coming in, it appears that the loading and unloading systems of Oiltanking and Mabanaft were affected. 
Why it matters: The attack on Oiltanking and Mabanaft is a reminder that critical infrastructure will remain a top target for cybercriminals, hostile governments, and other threat actors in the coming months and years. According to a recent report published by Check Point, ransomware attacks on critical infrastructure in the U.S. increased by 300 percent over a nine-month period in 2021, a dramatic increase that’s consistent with global trends. Many companies and governments across Europe, for instance, are on high alert amid the tension on the Ukrainian border and the possibility of Russia launching or sponsoring cyberattacks in the coming months.  
We’ve got a hack for that: NINJIO has covered the most prominent cyberthreats to critical infrastructure many times. For example, in season 6 / episode 7 (titled “See Something, Do Something” and published in July 2021), we discussed the importance of proactive cyber awareness for employees in the infrastructure sector. 
Our main character, Jeff Winston, is an employee at “Provincial Pipeline” who discovers why it’s vital to report suspicious activity such as emails demanding that employees download “urgent” software updates. When employees know what to look for and immediately report suspicious communications, links, attachments, and so on, they can prevent ransomware attacks – one of the most common threats infrastructure companies face. 
For more information, check out NINJIO’s articles and reports on the state of infrastructure cybersecurity – a subject that’s only going to become more relevant in the coming years.