Four U.S. natural gas pipeline operators had to shut down customer communications due to a cyberattack on a third-party, shared network.
One of the companies affected by the pipeline cyberattack, Energy Transfer Partners, reported the issue with its Electronic Data Interchange (EDI) system. The EDI used by Energy Transfer Partners is provided by the Latitude Technologies unit of the Energy Services Group. It was Latitude Technologies -- which is a Texas-based company that provides EDI and other services to over 100 U.S. natural gas pipelines -- that was the target of the cyberattack.
The EDI system is a platform used by all kinds of companies to exchange documents like invoices, and, in the case of the natural gas pipeline companies, to encrypt, decrypt, track and translate important energy transactions.
Bloomberg reported this week that Energy Transfer Partners and at least three other pipeline companies, including Oneok Inc., Boardwalk Pipeline Partners LP and Chesapeake Utilities Corp.'s Eastern Shore Natural Gas, felt the effect of the pipeline cyberattack on the EDI provider and had their systems for customer communication disabled. Oneok Inc., however, said that it disabled its system as a precaution after learning about the attack on the Latitude Technologies unit of Energy Services Group. Eastern Shore Natural Gas said its outage started March 29, and Energy Transfer Partners told SearchSecurity that it didn't experience any operations downtime as a result of the attack.
There is little information available about the pipeline cyberattack, though the Latitude Technologies unit at Energy Services Group told Bloomberg that it does not believe any customer data was compromised and that it is looking into the issue.
Latitude Technologies updated its website Monday morning saying, "We have completed the initial restoration of the system. We are now working towards increasing performance. While we believe things to be fully restored, we will continue to monitor for gaps in functionality," but no further details have been released.
The Department of Homeland Security (DHS) has also said that it is looking into the pipeline cyberattack, though no details have been released through that channel either.
This pipeline cyberattack comes on the heels of a warning from the U.S. government last month that Russian hackers are conducting an assault on the U.S. electric grid and other industrial control systems.
In other news
- According to a new report, there's been a shift in the top industries targeted by cyberattacks. The IBM X-Force Threat Intelligence Index 2018 found that the industries that suffer the most cyberattacks reported a decrease in those attacks in 2017 compared to 2016. Security attacks and incidents in the top-targeted industries are down to 10% in 2017 from 22% in 2016, according to the report. IBM noted that a decrease in Shellshock attacks is a major contributor to the decline. Shellshock, according to IBM, is "a family of security bugs ... that uses vulnerable versions of Bash command language to execute arbitrary commands and gain unauthorized access to a computer system." There were 71% fewer Shellshock attacks in 2017 than 2016, according to the report, and that's likely because of the widespread patching against this type of attack.
- Only eight of the 26 email domains managed by the White House's Executive Office of the President have Domain-based Message Authentication, Reporting and Conformance (DMARC) phishing prevention installed -- and all but one of those are configured in monitor-only mode, according to data security company Agari. Agari tracks the federal government's use of DMARC. Last year, DHS issued a directive that required federal agencies and departments that operate .gov domains to implement DMARC. DMARC flags suspicious email that fails authentication, or sends the message directly to the spam folder if the policy is set strictly enough. Last year, DHS gave federal agencies and departments a deadline of mid-January 2018 to implement DMARC.
- In a statement this week, Facebook's chief security officer Alex Stamos said the social media platform removed 138 Facebook pages, 70 Facebook accounts and 65 Instagram accounts that were controlled by Russia's Internet Research Agency (IRA). Stamos said that many of the deleted pages also ran ads, which were removed as well. "The IRA has repeatedly used complex networks of inauthentic accounts to deceive and manipulate people who use Facebook, including before, during and after the 2016 US presidential elections. It's why we don't want them on Facebook," Stamos said. "We removed this latest set of Pages and accounts solely because they were controlled by the IRA -- not based on the content." The pages Facebook removed were mostly Russian-language and targeted Russian-speaking or Russia-based users with political issues and the promotion of Russian culture. This is one step Facebook has taken since the recent discovery of massive data privacy abuses by a third party with access to user information, though Stamos said this had been in the works for months.
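
The DMARC item above turns on the difference between a monitor-only policy and one that is enforced. As an added example (not from the article, Agari or DHS), this Python code classifies the TXT records published at `_dmarc.<domain>` by enforcement level; the domains, records and function names are constructed for illustration.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(record):
    """Return the record's tags as a dict, or None if it is not a DMARC1 record."""
    pairs = []
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs.append((key.strip().lower(), value.strip()))
    # RFC 7489: the first tag must be v=DMARC1 (the value is case-sensitive)
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    return dict(pairs)

def classify(txt_records):
    """Classify the TXT records found at _dmarc.<domain> by enforcement level."""
    parsed = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not parsed:
        return "no-record"
    if len(parsed) > 1:
        return "invalid"          # several DMARC records: receivers apply none
    tags = parsed[0]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        # RFC 7489: a missing or bad p tag is treated as p=none if rua is present
        return "monitor-only" if tags.get("rua") else "invalid"
    if policy == "none":
        return "monitor-only"     # failures are reported, mail is still delivered
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100                 # unparsable pct falls back to the default
    return "enforcing" if pct >= 100 else "partial"

# Constructed sample records on reserved .example domains
SAMPLES = {
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "quarantine.example": ["v=DMARC1; p=quarantine; pct=25"],
    "reject.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@reject.example;"],
    "spf-only.example": ["v=spf1 -all"],
    "duplicate.example": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
}

def audit(samples=SAMPLES):
    return {domain: classify(records) for domain, records in samples.items()}

if __name__ == "__main__":
    for domain, level in audit().items():
        print(f"{domain:20} {level}")
```

A domain reported as `monitor-only` publishes DMARC but asks receivers to take no action on failing mail, which is the state the item describes for most of the domains that have DMARC at all.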