US government warns over gas pipeline cyberattacks

Gas pipelines have been targeted by cyber attacks according to the US Department of Homeland Security, raising fresh fears over the  safety of infrastructure.

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) arm of DoHS has highlighted an “active series of cyber intrusions”, with spear-phishing attacks targeting natural gas pipeline sector companies.

Analysis of the malware connected to the cybers attacks discovered has apparently identified the attacks as a part of a single campaign.  It is thought that the campaign has been ongoing since December 2011.

Spear-phishing attacks have targeted a variety personnel within organisations, but the number of individuals targeted has been “tightly focused” apparently.

Cyber criminals conducted attacks by constructing email as that appeared to have been sent from a trusted member of the organisation in which they worked.

ICS-CERT has now released an alert to highlight the danger posed by cyber attacks on infrastructure, though the the amount of information being made publicly available is being limited.

ICS-CERT says that is now “working aggressively” with organisations that have been affected in order to fend off threats and to prevent re-infection. No indication has been given as to the source of motive of the attacks.

Attacks on critical infrastructure have been a gorowing concern, particularly in the wake of the Stuxnet worm which threatened nuclear power stations in Iran.

According to Tenable Network Security many power companies are open to attacks such as spear phishing.

“The truth of the matter is, some power companies have very low levels of security infrastructure in place, leaving them highly susceptible to spear-phishing attacks,” said Ron Gula, CEO, Tenable Network Security in a statement today.

“Conversely however, other companies in the space have complex security solutions which can resist very determined attackers.”

According to Gula the seriousness in some cases can be overstated, and it is not just critical infrastructure which is on the receiving end of attacks, though attacks such as Stuxnet are inevitably going to cause concern.

“It’s worth noting there may be a slight case of overreaction and scaremongering around reports like this from the Department of Homeland Security.” 

“Recently in the US, an incident initially labelled ‘a cyber attack on critical infrastructure from Russia’ was identified months later as an authorised action taken by an individual while on holiday in the country.” 

“Correlating incidents taken against critical infrastructure companies – such as viruses, spear phishing and hacker attacks – and calling them “sophisticated cyberattacks” can be a dangerous ploy, as these networks usually have the same level of incidents and abuse as any other industry.”