The suspected cyber attack on Petro-Canada has been officially confirmed.
Holding company Suncor Energy has conceded that the weekend IT outage was indeed a cyber attack on Petro-Canada.
The company claimed that it took immediate action as soon as the cyber attack on Petro-Canada was spotted, collaborating with third-party experts to investigate and address the situation.
Petro-Canada, a subsidiary of Suncor Energy, encountered a widespread IT outage that disrupted operations at gas stations in the country.
The issue, which commenced on Friday, has persisted throughout the weekend, causing inconvenience to customers who have been unable to access the Petro-Canada app and website.
Cyber attack on Petro-Canada confirmed
“Suncor has experienced a cyber security incident,” said the official announcement.
“The company is taking measures and working with third-party experts to investigate and resolve the situation, and has notified appropriate authorities.”
However, it refrained from giving the details of the type of attack or attributing it to any particular threat group.
“At this time, we are not aware of any evidence that customer, supplier or employee data has been compromised or misused as a result of this situation,” the announcement said.
Meanwhile, certain transactions with customers and suppliers will continue to be affected while the company and its security vendors work to get things back to normal, it added.
A weekend of cyber attack on Petro-Canada
A nationwide system outage, which turned out to be a cyber attack on Petro-Canada, led to significant disruptions in operations at gas stations across the country from Friday, 23 June.
Customers experienced inconvenience as they were unable to access the Petro-Canada app and website during this time, it was reported on Saturday.
According to a Petro-Canada employee who spoke to CTV News Toronto on Saturday, customers have been restricted to cash payments at some gas stations, although not all locations are affected.
The company is yet to provide specific details regarding the number and locations of impacted sites.
Meanwhile, Petro-Canada’s website and app have been inaccessible, displaying an error message stating, “Something went wrong on our side. Please try again later.”
Numerous affected customers have expressed their frustration on Twitter, seeking updates on when the system outage will be resolved.
The Canadian Centre for Cyber Security acknowledged being informed about an incident involving Petro-Canada, Reuters reported.
However, the organization typically refrains from providing detailed comments on individual cybersecurity events, it added.
Interestingly, the attack came to light a day after the Canadian Centre for Cyber Security issued a warning on possible cyber attacks on the country’s oil and gas sector.
Petro-Canada and the larger threat on oil and gas
The Canadian Centre for Cyber Security on June 22 issued a warning that hackers aligned with Russia may attempt to disrupt Canada’s influential oil and natural gas sector, particularly due to Canada’s strong support for Ukraine.
In a report titled “The Cyber Threat to Canada’s Oil and Gas Sector”, the agency highlighted that Russia has a history of deploying destructive cyber attacks against its adversaries during times of escalating geopolitical crises.
There is a significant possibility of a disruptive incident occurring in Canada’s oil and gas sector, attributing this likelihood to the higher risk tolerance, increased numbers, and heightened activity of Russia-aligned actors, it said.
“The Cyber Centre is aware that Russia’s long-standing practice has been to coordinate with non-state actors to conduct cyber threat activity against Ukrainian and allies’ critical infrastructure.”
According to the report, Canada’s oil and gas sector is highly vulnerable to state-sponsored cyber espionage with motives driven by commercial and economic interests.
The sector’s proprietary trade secrets, research, and business and production plans are at significant risk, said the report.
“We assess that there is an even chance that Canada’s oil and gas infrastructure would be affected by cyber activity against US assets due to cross-border integration,” the report added.
