A cyber-attack against Energy Services Group (ESG), which handles customer transactions for natural gas pipelines owned by several energy firms, has knocked the company's systems offline.
ESG, which provides business process solutions for firms such as Energy Transfer Partners, has not released any details regarding the attack, but the company has stated that its electronic data interchange will be down until further notice, according to The Dallas Business Journal.
"If ESG has been taken offline by a cyber-attack, then whatever cyber-security investment they made has, regrettably, proven to be insufficient," said Andrew Lloyd, president of Corero Network Security, in comments to SC Media. "The lesson is clear: if you've moved your business-critical operations to the internet, then you're going to need to have adequate cyber-security defenses to ensure resilience."
Energy Transfer Partners told Bloomberg that it is operating and that no data was compromised.
This incident comes just one month after the FBI and Department of Homeland Security issued a joint alert stating Russian government cyber actors targeted US government entities and multiple US critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
The FBI/DHS alert noted that the actors used spearphishing emails, watering holes, credential gathering, and open-source and network reconnaissance in their campaigns.
At this point, no attribution has been made to a specific threat group.
"It is too early to tell if this breach was related to the Russian 'Dragonfly' hackers that penetrated US plants and the FBI warned about in March," said Nick Bilogorskiy, cyber-security strategist at Juniper Networks, referring to the APT group, also known as Energetic Bear, that began targeting the energy sector after originally going after US defence and aviation companies.
"The FBI/DHS alert makes it clear that our critical infrastructure is in the cross-hairs of our adversaries. This looks like a financially-motivated cyber-attack, likely by cyber-criminals, but we've seen in the past that cyber-criminals often collaborate with nation-states and share hacking tools with each other," said Phil Neray, VP of industrial cyber-security at CyberX. Neray added that the next logical step would be for a cyber-criminal to use ransomware to knock such a system offline and then demand a massive payment.
Energy Services Group has not returned an SC Media request for further comment.