[Security Weekly] Iran’s Gas Stations Shut Down After Cyberattack
November 2021, Issue I
1. Iranian gas stations shut down after cyberattack on oil distribution network
A large number of gas stations across Iran were forced to shut down on October 26 as a result of a cyberattack on the oil distribution chain. All affected gas stations were run by the National Iranian Oil Products Distribution Company (NIOPDC), which has been operating more than 3,500 gas stations across the country for over 80 years.
For many hours, motorists across the country were not able to fill up their gas tanks. Moreover, customers were not able to receive government subsidies, as they normally do using a government-issued gas discount card that keeps the price as low as 5 cents per liter. The card was disabled by the attack. Some reported seeing the readers on the filling stations displaying “64411”, the phone number for the office of Iran’s Supreme Leader Ali Khamenei.
Back in July, a similar cyberattack that crippled Iran’s rail network also showed the same number on the digital displays of the rail stations, making it highly likely that the two attacks are linked. The Iranian government accused foreign state-backed forces of the attack, although it could not pinpoint which country was behind it.
2. EU’s Green Pass COVID-19 vaccine passports sold online after private key leak
The European Union is investigating several reports of illegally generated COVID-19 vaccination certificates being sold on the dark web. The Green Pass is a digital certificate issued to those who have either completed vaccination or recovered from the virus.
On October 26, people reported seeing a QR code online that led to a COVID-19 digital certificate with the name “Adolf Hitler”. Soon after, other reports suggested that legitimate certificates were being sold on the dark web under fictional names like “SpongeBob SquarePants” and “Mickey Mouse”. Signing a digital certificate requires the private key, after which its authenticity is verified with the public key (see How PKI Works?). This incident suggests that the private key may have been stolen.
What’s more concerning is that every country manages its own PKI, yet the illegally generated certificates were issued under different nationalities, meaning that private keys belonging to multiple countries were stolen.
This incident is particularly troublesome because it undermines trust in the Green Pass. If the problem persists, it could potentially lead to countries asking for additional proof of vaccination. Fortunately, the personal data of Green Pass users are safe as the cryptographic keys were not compromised.
3. China’s data protection law takes effect, followed by Yahoo’s exit
China’s new data protection law, namely the Personal Information Protection Law (PIPL), became effective on November 1 after being passed in August. The law outlines rules on personal data collection, usage, and storage, with additional requirements for foreign companies that transfer data out of the country.
All foreign companies must pass a “personal information protection impact assessment” conducted by state-owned institutions, before transferring personal data to their servers abroad. This has significant impacts on tech firms as many services require the safe collection of personal data.
It is unclear what specific criteria are included in the assessment. However, Yahoo officially announced its exit from the Chinese market two days later citing an “increasingly challenging” business environment, becoming the second tech giant to pull out of the country after Microsoft’s LinkedIn.
Firms that violate the PIPL could be fined up to 50 million CNY (roughly 7.8 million USD), while individuals responsible for the charge could be fined up to 100,000 CNY (or 16,000 USD).
4. UK Labour Party suffers data breach after ransomware attacks third-party supplier
The Labour Party of the United Kingdom, currently the Official Opposition party of the British government, disclosed a data breach that originated from a ransomware attack at an unnamed third-party IT supplier. The Party uses the supplier to manage its data.
On October 29, the Party was notified by the supplier of the ransomware attack. A significant portion of the data were encrypted and inaccessible, most of which involved the personal information of party members, along with registered and affiliated supporters.
As of now, the complete scale and impact of the incident remain unknown. All party members were told to stay cautious of phishing emails, messages, and calls. The Party suffered a very similar incident back in mid-2020, when its US-based fundraising management supplier Blackbaud was hit by a ransomware attack, leaking the personal details of the Party’s donors.