Superior Plus is Latest Fuel Supplier Hit by RansomwarePropane Supplier Has Taken Some Systems Offline Ahead of Winter Season
North American propane supplier Superior Plus, which provides products and services related to propane and distillates to more than 780,000 customers in the U.S. and Canada, says it was the victim of a ransomware attack on Sunday.
The company temporarily took computer systems and applications offline as a precautionary measure, according to a company statement. The statement says the company is investigating the matter along with undisclosed cybersecurity experts to understand the scope of the attack.
"Upon learning of the incident, Superior took steps to secure its systems and mitigate the impact to the Corporation’s data and operations. Independent cybersecurity experts have been retained to assist the Corporation in dealing with the matter in accordance with industry best practices," Superior says.
There is no evidence of any compromise in the safety or security of any of its customers' personal data, according to the company’s initial investigation.
Superior Plus has yet to respond to Information Security Media Group's request for information about the scope of the attack.
"The magnitude of this attack isn't yet known, and only Superior can provide more details, but the fact that Superior has taken certain systems offline is an indication that the attackers were successful and it's now time to do more than the minimum," says Sam Curry, chief security officer at cybersecurity company Cybereason.
A Timely Attack
Erich Kron, security awareness advocate at KnowBe4, calls this a well-timed attack ahead of the holiday season. "This attack and related disruption has the potential to be a significant issue for consumers and organizations alike during these holiday seasons," Kron tells ISMG.
Many consumers rely on propane gas to heat their homes and cook their holiday meals, he says. "Commercial organizations often rely on propane to fuel their fleets of equipment, such as forklifts, to help move product in and out of their warehouse and to load trucks for shipping goods. Without propane, the already stressed supply chain can be further stressed, resulting in the slower movement of goods right at the peak shopping time of the year."
Kron advises organizations and individuals to be extra vigilant in the weeks ahead as businesses often face staff shortages during holiday periods and this slows the detection of and response to attacks.
Response and Recovery
It is not known if Superior has already deployed backup systems, but countering such an attack on a critical infrastructure requires prior simulation and preparedness, according to Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center.
"After all, if you are figuring out how to respond while trying to restore operations, there's a greater potential for something to go wrong, or slip through the cracks. During such planning, it’s important that all software, systems and processes be evaluated for potential compromise and then be actively monitored," Mackey says.
"Active evaluation and monitoring can only lead to two scenarios: "Worst case, you improve how you operate your business. Best case, you detect an attack early enough to limit its damage."
Critical Infrastructure Laws
In May, the ransomware attack on Colonial Pipeline prompted lawmakers across the U.S. political spectrum to introduce two bills (see: 2 Bills Introduced in Wake of Colonial Pipeline Attack) designed to address cybersecurity shortcomings in the nation's critical infrastructure - especially gas and oil pipelines.
The first of the two, the bipartisan Pipeline Security Act, was introduced to codify into law the roles that the Transportation Security Administration and the Cybersecurity and Infrastructure Security Agency play in securing gas and oil pipelines. The bill also required the TSA to update pipeline security guidelines within a year and expand congressional oversight of the agency's role, especially when it comes to cybersecurity.
Another bipartisan proposal in the House, the CISA Cyber Exercise Act, was introduced so that CISA would be required to create a "national cyber exercise program" in which the government and companies would test their IT infrastructures against cyberthreats, including ransomware.
Both the bills are still pending approval due to suggested amendments.