After disclosed cyberattacks on IT services, different Netherlands and Belgium ports have reported operational issues. As per France24, the terminals that are operated by Oiltanking, SEA-Tank, and Evos in Ghent, Antwerp, Terneuzen, and Antwerp are encountering difficulties in their operational systems.
An Evos spokesperson said that even though their terminals are currently operational, they are facing various delays as a result of the cyberattack.
“There is a disruption of IT services at our terminals in Terneuzen, Ghent, and Malta, which is causing some delays in execution. All operations continue to take place in a safe manner,”
The Associated Press has been notified by the Procesuters in Antwerp that investigations have started and the issue is being looked over by Federal Computer Crime Unit.
Multiple organizations reported facing trouble unloading barges due to their software being hijacked, which made it tough to process each.
Oil terminals disrupted after European ports hit by cyberattack https://t.co/vsk3xU8gn5
— euronews (@euronews) February 3, 2022
These incidents were reported after oil companies Mabanaft and Oiltanking, German-owned logistics conglomerate Marquard & Bahls Group, went through a cyberattack that disabled their systems of loading and unloading.
According to Oiltanking’s statement, they “have declared force majeure” and that now their terminals are working with limited capacity.
As per Handelsblatt, a German newspaper, around 233 gas stations in Germany are running manual processes as a result of the cyberattack.
It was notified through the German Federal Office for Information Security (BSI)’s internal report that the BlackCat ransomware group was behind Oiltanking’s cyberattack.
Brett Callow, a threat analyst of Emsisoft, mentioned that it is possible that BlackCat is BlackMatter’s rebrand, which itself is DarkSide’s rebrand.
BlackMatter previously hit the Japanese tech giant Olympus but had allegedly shut down its operations due to enforcement pressure.
The Europol police agency of the EU declared that they were aware of the incidents and had shown support to the authorities. The spokesperson of Europol, Claire Georges, declared:
“At this stage the investigation is ongoing and in a sensitive stage,”
The Dutch National Cybersecurity Centre committed to taking action in case it’s necessary and said that the attack was “probably committed with a criminal motive.”
Armis’s cyber risk officer, Andy Norton, stated that the ICS cybersecurity didn’t exist for decades because it wasn’t needed. Operational and information technology were independent systems that didn’t require connecting to each other. And, legacy industrial devices didn’t connect to each other or to the internet.
Norton declared:
“This disconnection — the so-called ‘air gap’ — was thought to be all the security that OT systems needed, aside from physical access control. Now, though, IT/OT integration is becoming the norm. Connected devices stream data, monitor equipment and processes, and support line automation and other Industry 4.0 functions, so the air gap is no longer a reliable method of OT security,”
“As OT and IT continue to merge, cybersecurity requirements now apply to ICS just as much as to corporate networks, but many organizations struggle to find the right approach to protect their operational technology,”
“Facilities that can’t operate securely are at risk of going offline at any moment. A ransomware attack on an ICS facility can halt operations and leak operational and corporate data to the dark web-or destroy that data altogether.”
