Update: Cyber-attack knocks US Energy Services Group offline

A cyber-attack against Energy Services Group (ESG) in the US, which handles customer transactions for natural gas pipelines owned by several energy firms, has knocked the company’s systems offline.

ESG, which provides business process solutions for firms such as Energy Transfer Partners, has not released any details regarding the attack, but the company has stated that its electronic data interchange will be down until further notice, according to The Dallas Business Journal.

“ESG experienced an outage to its software systems due to a cyberattack, Thursday, 29 March. Working with a leading cyber forensic firm, ESG has since restored its systems to operation and we are now completing testing and system validation to bring all customers back into safe and secure operation. Throughout the restoration process, ESG has worked diligently to communicate and collaborate with our valued customers and trading partners whom we thank for their patience and support,” an ESG spokesperson told SC Media on 5 April.

The mere fact that ESG could be taken down indicates the firm has to bolster its cyber-security efforts, one security executive said.

“If ESG has been taken offline by a cyber-attack, then whatever cyber-security investment they made has, regrettably, proven to be insufficient,” said Andrew Lloyd, president of Corero Network Security, in comments to SC Media. “The lesson is clear: if you’ve moved your business-critical operations to the internet, then you’re going to need to have adequate cyber-security defences to ensure resilience.”

Energy Transfer Partners told Bloomberg that it is operating and that no data was compromised.

This incident comes just one month after the US FBI and Department of Homeland Security issued a joint alert stating Russian government cyber actors targeted US government entities and multiple US critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.

The US FBI/DHS alert noted that the actors used spearphishing emails, watering holes, credential gathering, and open-source and network reconnaissance in their campaigns.

At this point, no attribution has been made to a specific threat group.

“It is too early to tell if this breach was related to the Russian ‘Dragonfly’ hackers that penetrated US plants and the FBI warned about in March,” said Nick Bilogorskiy, cyber-security strategist at Juniper Networks, referring to the APT group, also known as Energetic Bear, that began targeting the energy sector after originally going after US defence and aviation companies.

“The FBI/DHS alert makes it clear that our critical infrastructure is in the cross-hairs of our adversaries. This looks like a financially-motivated cyber-attack, likely by cyber-criminals, but we’ve seen in the past that cyber-criminals often collaborate with nation-states and share hacking tools with each other,” said Phil Neray, VP of industrial cyber-security at CyberX. Neray added that the next logical step would be for a cyber-criminal to use ransomware to knock such a system offline and then demand a massive payment.

Energy Services Group has not returned an SC Media request for further comment.