Calgary-based Suncor Energy says it suffered a cybersecurity incident

CALGARY –

Canadian oil firm Suncor Energy Inc. has confirmed it has been the sufferer of a cyberattack.

The Calgary-based power large mentioned in a news launch late Sunday that it has “experienced a cyber-security incident.”

Suncor supplied no additional particulars in regards to the assault, or which elements of its operations have been affected.

However, over the weekend, social media customers complained about an incapacity to make use of credit score or debit playing cards on the firm’s chain of Petro-Canada fuel stations, in addition to difficulties accessing automobile wash.

Ian L. Paterson, CEO of Vancouver-based cybersecurity firm Plurilock Security Inc., mentioned that as early as Friday, he was additionally listening to Suncor staff being unable to log in to their very own inner accounts.

Paterson mentioned a lot remains to be unknown in regards to the assault and its impacts, however added his early learn on the scenario is that this isn’t a minor knowledge breach.

On Saturday, Petro-Canada’s official Twitter account additionally issued a tweet saying that the corporate’s Petro-Points app and web site have been quickly unavailable.

“All of these things put together seem to suggest that there could be a sizable cyber incident that’s taking place,” Paterson mentioned.

“I think that this actually could be the Canadian Colonial Pipeline, just in the sense that Suncor is such a large part of the economy.”

In 2021, a ransomware assault efficiently focused the Colonial Pipeline, the biggest pipeline system for refined oil merchandise within the U.S.

It was the biggest cyberattack on oil infrastructure within the historical past of the United States, and compelled the corporate to quickly halt pipeline operations.

In Canada, there hasn’t been a large-scale, profitable cyberattack on a home oil and fuel firm, although cybersecurity specialists have been warning for years that this nation’s power business is a gorgeous goal for cybercriminals.

That contains each financially motivated cybercriminals, corresponding to ransomware attackers, in addition to state-sponsored hackers searching for to create geopolitical mayhem.

“This has the potential to be very, very serious for Suncor, and it’s not really a surprise,” Paterson mentioned.

“The cybersecurity industry as a whole, and certainly governments both at the federal level and others, have been sounding the alarm for many years that critical infrastructure in particular is vulnerable.”

There isn’t any indication that any of Suncor’s vital infrastructure, corresponding to oilsands amenities or refineries, have been affected by the incident.

The firm mentioned there may be additionally no proof that any buyer, provider or worker knowledge has been compromised or misused.

Suncor mentioned Sunday that some transactions with clients and suppliers could also be impacted as the corporate continues to work to resolve the scenario. It additionally mentioned it has notified applicable authorities in regards to the assault.

Paterson mentioned within the best-case situation, Suncor could have caught the breach shortly. But he mentioned it is also potential that it might take the corporate a really very long time to resolve the problem.

“The problem here is that it’s such a large operation with multiple subsidiaries with such an expansive set of services,” he mentioned.

“If the threat actor has been present and persistent for a long time, it could take a very long time to root them out.”

This report by The Canadian Press was first revealed June 26, 2023.