Suncor Energy hit by Giant Cyberattack
Tuesday, 27 June 2023
The recent cyberattack on Suncor Energy Inc. may just be the most significant cybersecurity breach of an oil and gas company in all of Canadian history. Suncor Energy confirmed late on Sunday that it had "experienced a cybersecurity incident," though has opted not to elaborate on the full extent of the incident at this stage.
Social media users had been complaining on Facebook and Twitter earlier in the week about an inability to use debit and credit cards at the company's chain of Petro-Canada gas stations, in addition to having difficulty accessing car wash services. These reports spanned multiple major Canadian cities, and on June 24, Petro-Canada's official Twitter account issued a tweet saying that their Petro-Points app and website were temporarily unavailable.
These public-facing issues could be "just the tip of the iceberg," according to Ian L. Paterson, chief executive officer of Vancouver-based cybersecurity company Plurilock Security Inc. According to Paterson, Suncor employees were reporting they were unable to log in to their own internal accounts as early as June 23.
"All of these things put together seem to suggest that there could be a sizeable cyber incident that’s taking place," Paterson said, cautioning that much of the information surrounding the current situation is still unknown. "I think that this actually could be the Canadian Colonial Pipeline, just in the sense that Suncor is such a large part of the economy."
"The cybersecurity industry as a whole, and certainly governments both at the federal level and others, have been sounding the alarm for many years that critical infrastructure in particular is vulnerable,” Paterson said. "This has the potential to be very, very serious for Suncor, and it’s not really a surprise."
In 2021, the Colonial Pipeline, the largest pipeline system for refined oil products in the U.S., was successfully targetted by a ransomware attack. It was the largest cyberattack on oil infrastructure in the history of the United States, and forced the company to temporarily halt pipeline operations.
Canada hasn't previously seen cyberattacks on domestic oil and gas companies, though in April leaked Pentagon documents contained a claim by Russian-backed hackers that they had successfully accessed Canada's natural gas infrastructure. The leaked documents did not name a specific company, and the legitimacy of that claim remains unclear.
Earlier this year, the Canadian Centre for Cyber Security (CCCS) warned that the oil and gas sector attracts "more than its share" of attention from cybercriminals. This is believed to be because of the high value of the industry's assets and "the degree of customer dependence on the industry's products." The CCCS added that cybercriminals motivated by financial gain are the top cyber threats facing the Canadian oil and gas sector.
"We assess that ransomware is almost certainly the main threat to the supply of oil and gas to customers," the agency wrote in a report. "Since oil and gas organisations are part of Canadian critical infrastructure, they are attractive targets for extortion because of the importance of these products and services to Canadians."
In the best-case scenario, Suncor have caught the breach quickly, thus mitigating the damage. But Paterson warned that it's also possible that it could take the company a very long time to resolve the issue. "The problem here is that it's such a large operation with multiple subsidiaries with such an expansive set of services," he said. "If the threat actor has been present and persistent for a long time, it could take a very long time to root them out."
