German Petrol Supply Firm Pwned By Hackers

Bleeping Computer today reported German petrol supply firm Oiltanking paralyzed by cyber attack. Oiltanking is the main distributor who supplies Shell gas stations in Germany:

Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations.

Additionally, the attack has also affected Mabanaft GmbH, an oil supplier. Both entities are subsidiaries of the Marquard & Bahls group, which may have been the breach point.

And:

Bleeping Computer received the following comment from the company regarding the current situation:

On Saturday, January 29th 2022, Oiltanking GmbH Group and Mabanaft GmbH & Co. KG (Mabanaft) Group discovered we have been the victim of a cyber incident affecting our IT systems. Upon learning of the incident, we immediately took steps to enhance the security of our systems and processes and launched an investigation into the matter. We are working to solve this issue according to our contingency plans, as well as to understand the full scope of the incident. We are undertaking a thorough investigation, together with external specialists and are collaborating closely with the relevant authorities. All terminals continue to operate safely.

Oiltanking Deutschland GmbH & Co. KG, an operating unit within the Mabanaft Group, operates all terminals in Germany and is not part of the Oiltanking GmbH Group.

Oiltanking GmbH Group continues to operate all terminals in all global markets. Oiltanking Deutschland GmbH & Co. KG terminals are operating with limited capacity and have declared force majeure. Mabanaft Deutschland GmbH & Co. KG has also declared force majeure for the majority of its inland supply activities in Germany. All parties continue to work to restore operations to normal in all our terminals as soon as possible.

Saryu Nayyar, CEO and Founder, Gurucul:

“While there is a lot of discussion around ICS/OT security, the reality is that most operations are disrupted by compromises and attacks that begin within IT. While the devices and systems themselves may run on hardened or proprietary operating systems and architectures, the management of these devices often do not, leaving them susceptible to a malware or ransomware attack. This shows how critical it is to invest in more advanced threat detection and response solutions that can enable automation with higher confidence and lower impact to help security teams prevent disruption and the detonation of ransomware.”

Hopefully this attack is remediated quickly as we’ve seen with other cyberattacks on oil and gas facilities like the Colonial Pipelines attack, they can be devastating and cause all sorts of disruptions.

UPDATE: Saumitra Das, CTO and Cofounder, Blue Hexagon added this commentary:

“The use of cyberattacks for achieving nation-state or criminal gang aims continues to increase. This is reminiscent of the Colonial Pipeline attack where cyberattacks on critical infrastructure companies, even if on the IT side, can lead to issues in critical infrastructure. Attackers do not always have to infiltrate OT systems, bringing down the IT side of the house can cause enough disruption to achieve their end goals – whether that is a ransom payment or a geopolitical.” 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: