[ad_1]
Calgary-based Suncor Energy is the latest oil company to report it experienced a cyber security incident.
This advertisement has not loaded yet, but your article continues below.
Suncor says it has already notified the proper authorities and is working with third-party experts to investigate and resolve the situation.
The company provided no further details about the type of attack, or which parts of its operations were affected.
However, over the weekend, social media users complained about an inability to use credit or debit cards at the company’s chain of Petro-Canada gas stations, as well as difficulties accessing car wash services.
Ian L. Paterson, CEO of Vancouver-based cybersecurity company Plurilock Security Inc., said that as early as Friday, he was also hearing Suncor employees being unable to log in to their own internal accounts.
Paterson said much is still unknown about the attack and its impacts, but added his early read on the situation is that this is not a minor data breach.
“All of these things put together seem to suggest that there could be a sizable cyber incident that’s taking place,” Paterson said.
“I think that this actually could be the Canadian Colonial Pipeline, just in the sense that Suncor is such a large part of the economy.”
This advertisement has not loaded yet, but your article continues below.
Canadian energy industry attractive target for cybercriminals, experts say
In 2021, a ransomware attack successfully targeted the Colonial Pipeline, the largest pipeline system for refined oil products in the U.S.
It was the largest cyberattack on oil infrastructure in the history of the United States, and forced the company to temporarily halt pipeline operations.
In Canada, there hasn’t been a large-scale, successful cyberattack on a domestic oil and gas company, though cybersecurity experts have been warning for years that this country’s energy industry is an attractive target for cybercriminals.
That includes both financially motivated cybercriminals, such as ransomware attackers, as well as state-sponsored hackers seeking to create geopolitical mayhem.
“This has the potential to be very, very serious for Suncor, and it’s not really a surprise,” Paterson said.
“The cybersecurity industry as a whole, and certainly governments both at the federal level and others, have been sounding the alarm for many years that critical infrastructure in particular is vulnerable.”
This advertisement has not loaded yet, but your article continues below.
There is no indication that any of Suncor’s critical infrastructure, such as oilsands facilities or refineries, have been affected by the incident.
The company said there is also no evidence that any customer, supplier or employee data has been compromised or misused.
Suncor said Sunday that some transactions with customers and suppliers may be impacted as the company continues to work to resolve the situation. It also said it has notified appropriate authorities about the attack.
This advertisement has not loaded yet, but your article continues below.
This advertisement has not loaded yet, but your article continues below.
Petro-Canada gas stations unable to take debit, credit card payments
Petro-Canada stations visited by Postmedia in Calgary on Saturday and Sunday were only accepting cash transactions.
Similar observations were made at the company’s fuelling stations in Ontario, where computer issues were first reported Friday.
Several Petro-Canada gas stations in Ottawa confirmed Saturday they received messages from the company telling them transactions would be cash only for the time being.
“There was no explanation,” said one employee who asked his name not be used because he’s not authorized to speak for the company.
An employee at another station said the switch to cash-only was cumbersome in the beginning, but the station had adapted.
“Most customers reacted calmly, maybe rolling their eyes. They know we aren’t to blame at the service station level. But there were some who seemed to have forgotten how to pay cash.”
The company also said on social media customers would be temporarily unable to log into their Petro-Canada loyalty program accounts.
Paterson said in the best-case scenario, Suncor will have caught the breach quickly. But he said it’s also possible that it could take the company a very long time to resolve the issue.
“The problem here is that it’s such a large operation with multiple subsidiaries with such an expansive set of services,” he said.
“If the threat actor has been present and persistent for a long time, it could take a very long time to root them out.”
— With files from Postmedia
Recommended from Editorial
[ad_2]
Source link