The Effects Of Petro Canada’s Parent Company Getting Pwned Continue With No ETA For Resolution

This is now day 5 of Suncor Energy being the victim of some sort of cyberattack. I first wrote about this on Sunday, when Petro Canada gas stations were unable to accept payment by debit or credit card. On top of that, Petro Canada’s app, which allows you to collect “Petro Points” for things like free gas and gift cards, isn’t working either. On Monday, Suncor admitted that it was dealing with a cyberattack. But as I type this, there’s no ETA as to when all of this will be resolved. And what makes things worse is that there is likely more going on than we know, based on this report:

Ian L. Paterson, CEO of Vancouver-based cybersecurity company Plurilock Security Inc., said these public-facing issues could be “just the tip of the iceberg.” He added that as early as Friday, he was also hearing about Suncor employees being unable to log in to their own internal accounts.

“All of these things put together seem to suggest that there could be a sizable cyber incident that’s taking place,” Paterson said, cautioning that much is still unknown about the current situation.

“I think that this actually could be the Canadian Colonial Pipeline, just in the sense that Suncor is such a large part of the economy.”

If this is an attack as big as Colonial Pipeline, then this event is as non-trivial as it gets for Canada, as Petro Canada is “the” gas station for many parts of the country.

Carol Volk, EVP, BullWall, starts off the commentary:

    “A company as large as Petro-Canada would most likely have had a plethora of security tools in place to prevent attacks like this. We are never going to stay one step ahead of motivated bad actors. A new approach that layers on active attack containment is the new frontier for cyber security.” 

Stephen Gates, Principal Security SME, Horizon3.ai, follows with this:

   “Although the details of the cyber incident are few, this sounds like a targeted attack against the point-of-sales systems since the organization is unable to accept and process credit/debit card transactions. If a ransom-related campaign is the culprit, then this may indicate a new attack path and outcome.

   “Most occurrences of ransomware lock up workstations and data stores but rarely target what most would consider to be IoT. But on the other hand, many gas pumps run commonly used operating systems (like Windows CE) which could make them a considerable target to ransom since an outage could cause untold consumer pain.”

Finally, I have a comment from Roy Akerman, Co-Founder & CEO, Rezonate:

   “This is an example of how cyber risk has a direct impact on business continuity. We often see that when an organization settles for compliance checks rather than a robust security program. Organizations should not invest only in preventative and cyber readiness actions, but also in recovery and response. As more information unfolds, we can further evaluate actions taken and the cause for business disruption.”

You would have thought that after the Colonial Pipeline incident, companies overall would be better prepared. But that appears not to be the case, and that doesn’t surprise me. Companies need to get serious about cybersecurity or they will end up like Suncor.
