It seems that US pipelines have been attacked multiple times in the past, but the people just didn’t know because the government never told them. According to a joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), hackers from China breached US pipelines multiple times from 2011 to 2013. This means that the US’s cyberinfrastructure has been dodgy for quite a while now. At least they’re doing something about it now.
This information was revealed last Tuesday, and it detailed that Chinese state-sponsored attackers had breached 13 US oil and natural gas (ONG) pipeline companies. The attackers used spear-phishing tactics to get into the pipelines’ systems. The joint advisory said that “Overall, the US Government identified and tracked 23 US natural gas pipeline operators targeted from 2011 to 2013 in this spearphishing and intrusion campaign. Of the known targeted entities, 13 were confirmed compromises, 3 were near misses, and 7 had an unknown depth of intrusion”.
The advisory also talked about China’s goal in doing these attacks. It was determined that the end goal was for China to better develop its cyberattack capabilities to somehow physically damage US pipelines. The advisory read that “CISA and FBI assess that these intrusions were likely intended to gain strategic access to the ICS networks for future operations rather than for intellectual property theft. This assessment was based on the content of the data that was being exfiltrated and the TTPs used to gain that access”.
The US even used decoy documents to bait out the attackers. They planted sensitive-looking fake information regarding financial and business-related statistics. This honeypot was, however, completely ignored by the attackers, which led the US government to believe that their major goal was to gain access to the ICS networks. This happened in at least one compromise incident. The advisory also shared many tactics, techniques, and procedures (TTPs) that could help companies protect themselves from cyberattacks.
The procedures detailed in the advisory include:
- Harden the IT/corporate network to reduce the risk of initial compromise.
- Update all software, including operating systems, applications, and firmware, in a timely manner. Consider using a centralized patch management system.
- Replace all end-of-life software and hardware devices.
- Filter network traffic to prohibit ingress and egress communications with known malicious IP addresses.
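As an added illustration of the last point (this is example code written for this post, not anything from the advisory), the check below matches a few constructed firewall log lines against a placeholder denylist of malicious ranges and reports which flows are ingress from, or egress to, a listed address; the log format and the addresses are assumptions:

```python
import ipaddress
import re

# Constructed denylist of "known malicious" ranges. These are documentation
# prefixes used as placeholders, not real indicators from the advisory.
DENYLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Constructed firewall log in an assumed "timestamp src dst action" format.
SAMPLE_LOG = """\
2013-02-01T10:00:01Z 10.20.30.5 203.0.113.44 ALLOW
2013-02-01T10:00:02Z 10.20.30.9 93.184.216.34 ALLOW
2013-02-01T10:00:03Z 198.51.100.7 10.20.30.5 ALLOW
2013-02-01T10:00:04Z 10.20.30.5 10.20.31.8 ALLOW
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def is_denied(addr: str) -> bool:
    """True if the address falls inside any denylisted network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in DENYLIST)


def flag_denied_flows(log_text: str) -> list:
    """Return (timestamp, direction, src, dst) for every flow that touches
    the denylist. Egress means the destination is listed; ingress means the
    source is. Malformed lines are skipped rather than raising."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst, _action = m.groups()
        if is_denied(dst):
            hits.append((ts, "egress", src, dst))
        elif is_denied(src):
            hits.append((ts, "ingress", src, dst))
    return hits


if __name__ == "__main__":
    for hit in flag_denied_flows(SAMPLE_LOG):
        print(*hit)
```

In practice the denylist would be loaded from a threat-intelligence feed and the hits fed back into firewall rules in both directions.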
These are just a few points among the long list provided in the advisory, which you can view at your leisure here.
Cybersecurity has become a significant area of interest as more and more government agencies have become increasingly reliant on computers and IT systems to handle all their sensitive information.