Suncor Energy Responds to Cybersecurity Incident

Canada’s leading integrated energy company, Suncor Energy, announced earlier this week that it experienced a cybersecurity incident resulting in technical problems at its subsidiary, Petro-Canada.

As a result, more than 1500 gas stations nationwide are unable to accept credit card payments and customers cannot use rewards points.

Suncor Energy, ranked as the 48th-largest public company globally, is one of Canada’s major synthetic crude producers, generating an annual revenue of $31b. 

“Attacks on critical infrastructure systems have the potential to not only directly disrupt a particular business, but can also have wide ripple effects to entities across the economy,” said Drew Streib, group director of software engineering at Synopsys Software Integrity Group.

“Targets like Suncor and other energy suppliers are an especially attractive target for malicious actors wishing to be highly disruptive, and many security experts agree that infrastructure entities are ripe for exploits by sophisticated attackers.”

The company has reportedly taken immediate measures to mitigate the attack and has engaged third-party experts to investigate and resolve the situation. Authorities have also been notified and Suncor is cooperating fully with their investigation.

“While we work to resolve the incident, some transactions with customers and suppliers may be impacted,” the firm said in a release.

At the same time, the company assured the public that there is no current evidence to suggest that customer, supplier or employee data has been compromised or misused due to the cybersecurity incident.

“Although the details of the cyber incident are few, this sounds like a targeted attack against the point-of-sales systems since the organization is unable to accept and process credit/debit card transactions,” commented Stephen Gates, principal security SME at Horizon3.ai.

According to the executive, most ransomware occurrences lock workstations and data stores but rarely target what most would consider the Internet of Things (IoT). 

“On the other hand, many gas pumps run commonly used operating systems (like Windows CE) which could make them a considerable target for ransom since an outage could cause untold consumer pain,” Gates added.

The cyber-attack on Suncor Energy comes months after the UK National Cyber Security Centre (NCSC) warned against “state-aligned” Russian groups that could launch destructive attacks on critical national infrastructure (CNI).
