Were Europe’s oil refineries prepared for a cyberattack?

Major oil terminals in some of Western Europe's biggest ports fell victim to a cyberattack at a time energy prices are already soaring.
7 February 2022

Last week, major oil terminals at some of Western Europe’s biggest ports were reported to have fallen victim to a cyberattack at a time when energy prices are already soaring. Belgium, Germany, and the Netherlands saw their oil facilities suffer ransomware attacks that could lead to severe problems in the oil supply chain across the region.

Belgian prosecutors have launched an investigation into the hacking of oil facilities near the country’s maritime entryways, including Antwerp, Europe’s second-biggest port after Rotterdam.

In Germany, prosecutors said they were investigating a cyberattack targeting oil facilities in what was described as a possible ransomware strike, in which hackers demand money to reopen hijacked networks.

Oil prices hit a seven-year high last month amid diplomatic tensions with gas supplier Russia, and energy bills are fuelling a rise in inflation that has spooked European policymakers. The EU’s Europol police agency said it was aware of the incidents in Germany and had offered support to authorities.

One of the main victims seems to be the cross-border Dutch and Belgian Amsterdam-Rotterdam-Antwerp oil trading hub, where company IT systems were affected by the attack. SEA-Tank Terminal, which has storage facilities in Antwerp, was hit, Belgian daily De Morgen reported.

The Dutch National Cyber Security Centre said the attacks were “probably committed with a criminal motive” and pledged to take further action “if necessary”. In Germany, two oil supply companies said they were victims of the cyberattack since Saturday, January 29.

Major oil terminals in some of Western Europe's biggest ports fell victim to a cyberattack at a time energy prices are already soaring

An oil pumpjack (C) operates as another (R) stands idle in the Inglewood Oil Field in Los Angeles, California. (Photo by MARIO TAMA / GETTY IMAGES NORTH AMERICA / Getty Images via AFP)

Not the first cyberattack on an oil company

TechHQ reached out to several cybersecurity experts to get their views on the cyberattack.

According to Scott Connarty, General Council at Adarma, a worrying pattern is now emerging of cyberattackers targeting critical infrastructure in order to impede supply chains and cause as much economic disruption as possible. This latest attack should be a further reminder of the ever-increasing frequency, sophistication, and severity of cyberattacks that organizations are facing.

“Having experienced a very similar cyberattack in a previous company, I, unfortunately, know how crippling a ransomware incident like this can be on a company’s continued ability to trade, and the extreme pressure that is heaped onto an executive team to successfully navigate through such a crisis. The importance of all businesses constantly managing their cybersecurity has never been more apparent,” he added.

Meanwhile, Debrup Ghosh, Senior Product Manager at Synopsys Software Integrity Group explained that the attack once again illustrates that today every company is a software company. Ghosh pointed out that Colonial Pipeline was perhaps just the start of a rather disturbing trend of cyberattacks on organizations tied to critical infrastructure. As a result, these companies need to invest in software supply chain risk management strategies to mitigate business risks posed by the recent exponential rise in malicious attacks.

“With the close adjacency between logistics and energy industries, both critical to national security, every CISO today in transportation, logistics and supply chain-related companies should be asking their vendors for an extensive software Bill of Materials to build appropriate controls as part of their overall risk management strategy to satisfy regulatory, compliance and insurance requirements,” commented Ghosh.

For Gary Gardiner, the Head of Security in APAC & Japan for Check Point Software Technologies, cybercriminals like to hit where it hurts. The recent cyberattack on Oiltanking Deutschland underscores a clear trend of ransomware gangs targeting our critical infrastructure. In 2021, the global utility sector saw a staggering 274% increase in the number of average weekly attacks compared to 2020, according to Check Point Research’s (CPR) latest Security Report.

“The choice to target Oiltanking Deutschland was highly strategic by cybercriminals. They’re looking for a snowball effect. In other words, the hackers here are thinking about the second and third-order effects to optimize for profits,” commented Gardiner. “They know that any disruption to Oiltanking Deutschland has the potential to become a national and European issue. Gas prices can quickly get out of control. People’s day-to-day lives can be affected.

“All of this can compound to place unprecedented pressure on the ransomware victims to cave in and meet the demands of the cybercriminal behind the Oiltanking Deutschland. The motivations behind choosing Oiltanking Deutschland as a target are similar as to why the Colonial Pipeline was chosen as a target,” he added.

Bloomberg reported that the breaches have coincided with one of the tightest diesel markets that Europe has seen in years. The disruption has even left companies like Shell Plc unable to load fuels onto trucks at Oiltanking Deutschland facilities and looking for alternative options.




With additional reporting from © Agence France-Presse