Cyber attack on two German oil storage and distribution firms impacts fuel supplies

Cyber attack on two German oil storage and distribution firms impacts fuel supplies

Image:
Cyber attack on two German oil storage and distribution firms impacts fuel supplies

No hacker group has yet claimed the responsibility for the attack

Two German fuel and oil distributors said Tuesday that they have fallen victim to a cyber attack, disrupting their operations in the country.

The companies, Oiltanking GmbH Group and mineral oil supplier Mabanaft GmbH & Co. KG Group, discovered on 29 January that they had been hit by an attack that disrupted their IT systems and supply chains.

Both firms are subsidiaries of the Marquard & Bahls group, which could have been the breach point.

Following the discovery of the attack, both entities launched a joint probe with the help of external cybersecurity experts to determine the full scope of the incident.

No hacking group has yet claimed the responsibility for the attack.

In a joint statement, the two firms said that they were working closely to resolve the issue as soon as possible.

'All terminals continue to operate safely,' Oiltanking and Mabanaft said.

They added that Oiltanking GmbH Group - which operates storage tank terminals for oil, gas and chemicals - was operating all terminals in all overseas markets.

However, terminals at Oiltanking Deutschland GmbH, a unit within the Mabanaft Group, are operating with limited capacity.

Oiltanking GmbH has declared force majeure for most of its supply activities. According to reports, all of Oiltanking's loading and unloading systems have been paralysed as a result of the attack.

Mabanaft Deutschland GmbH has also declared force majeure for the bulk of its inland supply business in Germany.

Use of force majeure excuses a company from meeting contractual commitments due to an unusual incident beyond its control.

In Germany, Oiltanking operates a total of 13 tank farms, and its customers include medium-sized companies, as well as the large corporation Shell.

In a statement to Reuters, Shell said that it was re-routing oil supplies to alternative supply depots for the time being.

According to reports, there is currently no risk of a complete failure of the tank supply in Germany due to the fact that more than two dozen firms are presently active in the market.

In view of the disruption, Aral, Germany's biggest petrol station network with roughly 2,300 stations, has been feeding its stations from alternate sources.

"The supply of Aral is currently secure despite the loading halt at Oiltanking," a spokesperson said.

Although the exact nature of the attack remains unclear, ransomware is an obvious candidate, according to experts.

It's also possible that a state actor looking to wreak widespread disruption and economic damage is behind these incidents.

Previous cyber attacks on supply chains include a ransomware attack that targeted US fuel supply company Colonial Pipeline in May.

The shutdown of Colonial's system sparked panic in the southeastern US, with residents seen lining up at petrol pumps for several hours over fears of fuel shortage. Petrol prices rose as a result of fuel supply disturbance, and some stations ran out of fuel.

Commenting on the latest cyber attacks on German fuel and oil distributors, Oliver Pinson-Roxburgh, CEO of Defense.com, said: "Critical infrastructure organisations like Oiltanking are high priority targets for hackers. Although the perpetrators and methods are still unclear at this point, we know that for nation-state attacks crippling infrastructure is their primary goal, and for hacking groups it is financial gain. Both could be at play in this case."

"Oiltanking has a vast physical, and digital footprint. Such organisations have a tiny margin for error on cyber risks, with their sprawling IT infrastructure creating a huge number of potential entry points to be probed by a bad actor. Hackers continue to innovate and adapt their attack vectors, so organisations must remain agile in their security practises. The key for cyber resilience in today's hyper-connected world is an end-to-end approach to cybersecurity, bringing together governance, compliance, and technology.

"Industrial control systems (ICS) are an obvious target, but often the path of least resistance is still people, with such large sites and non-technical resources providing a ready opportunity to attack. A simple miss configuration to an ICS can open the door to the whole network. It should not be forgotten that there are thousands of ICS devices connected to the internet, creating a large attack surface for bad actors to exploit."