Updated! A cyberattack against Energy Services Group (ESG), which handles customer transactions for natural gas pipelines owned by several energy firms, has knocked the company’s systems offline.
ESG, which provides business process solutions for firms such as Energy Transfer Partners, has not released any details regarding the attack, but the company has stated that its electronic data interchange will be down until further notice, according to The Dallas Business Journal.
“ESG experienced an outage to its software systems due to a cyberattack, Thursday, March 29. Working with a leading cyber forensic firm, ESG has since restored its systems to operation and we are now completing testing and system validation to bring all customers back into safe and secure operation. Throughout the restoration process, ESG has worked diligently to communicate and collaborate with our valued customers and trading partners whom we thank for their patience and support,” an ESG spokesperson told SC Media on April 5.
The mere fact that ESG could be taken down indicates the firm has to bolster its cybersecurity efforts, one security executive said.
“If ESG has been taken offline by a cyberattack, then whatever cybersecurity investment they made has, regrettably, proven to be insufficient,” said Andrew Lloyd, president of Corero Network Security, in comments to SC Media. “The lesson is clear: if you’ve moved your business-critical operations to the internet, then you’re going to need to have adequate cybersecurity defenses to ensure resilience.”
Energy Transfer Partners told Bloomberg that it is operating and that no data was compromised.
This incident comes just one month after the FBI and Department of Homeland Security issued a joint alert stating Russian government cyber actors targeted U.S. government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
The FBI/DHS alert noted that the actors used spearphishing emails, watering holes, credential gathering, and open-source and network reconnaissance in their campaigns.
At this point, no attribution has been made to a specific threat group.
“It is too early to tell if this breach was related to the Russian ‘Dragonfly’ hackers that penetrated U.S. plants and the FBI warned about in March,” said Nick Bilogorskiy, cybersecurity strategist at Juniper Networks, referring to the APT group, also known as Energetic Bear, that began targeting the energy sector after originally going after U.S. defense and aviation companies.
“The FBI/DHS alert makes it clear that our critical infrastructure is in the cross-hairs of our adversaries. This looks like a financially-motivated cyberattack, likely by cybercriminals, but we’ve seen in the past that cybercriminals often collaborate with nation-states and share hacking tools with each other,” said Phil Neray, VP of industrial cybersecurity at CyberX. Neray added that the next logical step would be for a cybercriminal to use ransomware to knock such a system offline and then demand a massive payment.
Energy Services Group has not returned an SC Media request for further comment.