Petro-Canada issues may be 'tip of the iceberg' after Suncor cybersecurity incident
Suncor Energy Inc. falling victim to a cyberattack may be the most significant cybersecurity breach of an oil and gas company thus far in Canadian history, experts say.
The Calgary-based oil company has provided no details about the attack or which parts of its operations were affected, saying simply in a news release issued late Sunday that it had “experienced a cybersecurity incident.”
The confirmation followed days of public speculation, after social media users complained on Twitter over the weekend about an inability to use credit or debit cards at the company's chain of Petro-Canada gas stations in multiple major Canadian cities, as well as difficulties accessing car wash services.
On Saturday, Petro-Canada's official Twitter account also issued a tweet saying that the company's Petro-Points app and website were temporarily unavailable.
As of mid-day Monday, some of Suncor's Petro-Canada sites remained cash-only, and its app and Petro-Points login were unavailable. Car washes were also unavailable at some locations, the company said via social media.
Ian L. Paterson, CEO of Vancouver-based cybersecurity company Plurilock Security Inc., said these public-facing issues could be “just the tip of the iceberg.” He added that as early as Friday, he was also hearing about Suncor employees being unable to log in to their own internal accounts.
“All of these things put together seem to suggest that there could be a sizable cyber incident that's taking place,” Paterson said, cautioning that much is still unknown about the current situation.
“I think that this actually could be the Canadian Colonial Pipeline, just in the sense that Suncor is such a large part of the economy.”
In 2021, a ransomware attack successfully targeted the Colonial Pipeline, the largest pipeline system for refined oil products in the U.S.
It was the largest cyberattack on oil infrastructure in the history of the United States, and forced the company to temporarily halt pipeline operations.
Although the pipeline was only shut down for a few days, the disruption in the U.S. fuel supply caused the rerouting of flights, panic buying and short-term price spikes.
In Canada, there hasn't been a publicized, large-scale, successful cyberattack on a domestic oil and gas company, though in April an apparent release of Pentagon documents onto social media sites contained a claim by Russian-backed hackers that they had successfully accessed Canada's natural gas infrastructure.
The leaked documents did not name a specific company, and the legitimacy of that claim remains unclear.
However, cybersecurity experts have been warning for years that this country's energy industry is an attractive target for cybercriminals.
Earlier this year, the Canadian Centre for Cyber Security (CCCS) - part of the federal Communications Security Establishment, which provides the government of Canada with information technology security and foreign signals intelligence - warned that the oil and gas sector attracts “more than its share” of attention from cybercriminals.
The CCCS said that is because of the high value of the industry's assets and “the degree of customer dependence on the industry's products,” adding that cybercriminals motivated by financial gain are the top cyber threats facing the Canadian oil and gas sector.
“We assess that ransomware is almost certainly the main threat to the supply of oil and gas to customers,” the agency wrote in a report.
“Since oil and gas organizations are part of Canadian critical infrastructure, they are attractive targets for extortion because of the importance of these products and services to Canadians.”
The CCCS also warned that while politically motivated attacks are less likely, state-sponsored or state-aligned cybercriminals - including those with ties to Russia, China and Iran - have targeted the global energy sector in the past for both espionage purposes as well as with an intent to create mayhem.
“The cybersecurity industry as a whole, and certainly governments both at the federal level and others, have been sounding the alarm for many years that critical infrastructure in particular is vulnerable,” Paterson said.
“This has the potential to be very, very serious for Suncor, and it's not really a surprise.”
There is no indication that any of Suncor's critical infrastructure, such as oilsands facilities or refineries, have been affected by the incident.
The company said there is also no evidence that any customer, supplier or employee data has been compromised or misused.
Paterson said in the best-case scenario, Suncor will have caught the breach quickly. But he said it's also possible that it could take the company a very long time to resolve the issue.
“The problem here is that it's such a large operation with multiple subsidiaries with such an expansive set of services,” he said.
“If the threat actor has been present and persistent for a long time, it could take a very long time to root them out.”
This report by The Canadian Press was first published June 26, 2023.
CTVNews.ca Top Stories
Trump promises a 25% tariff on products from Canada, Mexico
U.S. president-elect Donald Trump said on Monday that on his first day in office he would impose a 25 per cent tariff on all products from Mexico and Canada, and an additional 10 per cent tariff on goods from China, citing concerns over illegal immigration and the trade of illicit drugs.
'Devastating:' Ford warns of impact of new tariffs promised by Donald Trump
Ontario Premier Doug Ford is warning that Donald Trump’s promise to impose a 25 per cent tariff on goods arriving in the United States from Canada and Mexico could have a 'devastating' effect on the province’s economy.
Legault says Trump's 25 per cent tariff would pose 'huge risk' for Quebec, Canadian economies
Premier François Legault says President-elect Donald Trump's threat of a 25 per cent tariff on all imports would pose a 'huge risk' to the Quebec and Canadian economies.
Premiers seek 'urgent' meeting with Trudeau before Trump returns to White House
Canada's premiers are asking Prime Minister Justin Trudeau to hold an urgent first ministers' meeting ahead of the return to office of president-elect Donald Trump.
Here's how much Alberta exports to the United States
With the United States being Alberta’s top trade partner, sweeping 25 per cent tariffs proposed by President-Elect Donald Trump could have a major effect on the province’s economy.
'It's just not fair': Retirees speak out on being excluded from federal rebate cheques
Carol Sheaves of Moncton, N.B., says it's not fair that retirees like her won't get the government's newly proposed rebate cheques. Sheaves was among the seniors who expressed their frustrations to CTVNews.ca about not being eligible for the $250 government benefit.
NDP support for part of Liberal relief package in question, as House stalemate persists
After telling Canadians that New Democrats would back Prime Minister Justin Trudeau's holiday affordability package and help pass it quickly, NDP Leader Jagmeet Singh now wants it split up, as he's only ready to support part of it. Public Services Minister Jean-Yves Duclos said the Liberals are 'certainly open to working with the opposition parties,' to find a path forward.
Deer spotted wearing high-visibility safety jacket in Northern B.C.
Andrea Arnold is used to having to slow down to let deer cross the road in her Northern B.C. community. But this weekend she saw something that made her pull over and snap a photo.
Canadian Army corporal fined for stolen valour at Remembrance Day ceremony
A corporal in the Canadian Army has been fined $2,000 and given a severe reprimand for wearing service medals he didn't earn during a Remembrance Day ceremony in Alberta two years ago.