[BreachExchange] Superior Plus is Latest Fuel Supplier Hit by Ransomware

[Terrell Byrd]

https://www.govinfosecurity.com/superior-plus-latest-fuel-supplier-hit-by-ransomware-a-18128

North American propane supplier Superior Plus, which provides products and
services related to propane and distillates to more than 780,000 customers
in the U.S. and Canada, says it was the victim of a ransomware attack on
Sunday.

The company temporarily took computer systems and applications offline as a
precautionary measure, according to a company statement. The statement says
the company is investigating the matter along with undisclosed
cybersecurity experts to understand the scope of the attack.

"Upon learning of the incident, Superior took steps to secure its systems
and mitigate the impact to the Corporation’s data and operations.
Independent cybersecurity experts have been retained to assist the
Corporation in dealing with the matter in accordance with industry best
practices," Superior says.

There is no evidence of any compromise in the safety or security of any of
its customers' personal data, according to the company’s initial
investigation.

Superior Plus has yet to respond to Information Security Media Group's
request for information about the scope of the attack.

"The magnitude of this attack isn't yet known, and only Superior can
provide more details, but the fact that Superior has taken certain systems
offline is an indication that the attackers were successful and it's now
time to do more than the minimum," says Sam Curry, chief security officer
at cybersecurity company Cybereason.

A Timely Attack
Erich Kron, security awareness advocate at KnowBe4, calls this a well-timed
attack ahead of the holiday season. "This attack and related disruption has
the potential to be a significant issue for consumers and organizations
alike during these holiday seasons," Kron tells ISMG.

Many consumers rely on propane gas to heat their homes and cook their
holiday meals, he says. "Commercial organizations often rely on propane to
fuel their fleets of equipment, such as forklifts, to help move product in
and out of their warehouse and to load trucks for shipping goods. Without
propane, the already stressed supply chain can be further stressed,
resulting in the slower movement of goods right at the peak shopping time
of the year."

Kron advises organizations and individuals to be extra vigilant in the
weeks ahead as businesses often face staff shortages during holiday periods
and this slows the detection of and response to attacks.

Response and Recovery
It is not known if Superior has already deployed backup systems, but
countering such an attack on a critical infrastructure requires prior
simulation and preparedness, according to Tim Mackey, principal security
strategist at the Synopsys Cybersecurity Research Center.

"After all, if you are figuring out how to respond while trying to restore
operations, there's a greater potential for something to go wrong, or slip
through the cracks. During such planning, it’s important that all software,
systems and processes be evaluated for potential compromise and then be
actively monitored," Mackey says.

"Active evaluation and monitoring can only lead to two scenarios: "Worst
case, you improve how you operate your business. Best case, you detect an
attack early enough to limit its damage."

Critical Infrastructure Laws
In May, the ransomware attack on Colonial Pipeline prompted lawmakers
across the U.S. political spectrum to introduce two bills (see: 2 Bills
Introduced in Wake of Colonial Pipeline Attack) designed to address
cybersecurity shortcomings in the nation's critical infrastructure -
especially gas and oil pipelines.

The first of the two, the bipartisan Pipeline Security Act, was introduced
to codify into law the roles that the Transportation Security
Administration and the Cybersecurity and Infrastructure Security Agency
play in securing gas and oil pipelines. The bill also required the TSA to
update pipeline security guidelines within a year and expand congressional
oversight of the agency's role, especially when it comes to cybersecurity.

Another bipartisan proposal in the House, the CISA Cyber Exercise Act, was
introduced so that CISA would be required to create a "national cyber
exercise program" in which the government and companies would test their IT
infrastructures against cyberthreats, including ransomware.

Both the bills are still pending approval due to suggested amendments.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211215/987065c5/attachment.html>