Infrastructure sabotage, insiders, ransomware and malware are the biggest threats facing the oil and gas industry.
A 2012 cyber-attack on the world’s largest oil company, Saudi Aramco, caused the shutdown of tens of thousands of the company’s servers. The malware-based attack affected 30,000 workstations and took the Saudi Arabian company more than a week to resolve.
This is one of several cyber-attacks discussed in a new report by Trend Micro, a cybersecurity solutions firm. The report details cyber risks facing the oil and gas industry and supply chain. According to the report, these organizations face increased risk from advanced threat groups; however, they do have the power to defend against these attacks.
“Industrial cybersecurity is not hopeless. We sometimes forget that in complex environments with appropriate security controls, the attacker is the one who has to get everything right,” said Bill Malik, Vice President of Infrastructure Strategies for Trend Micro, in a statement.
According to Trend Micro, while cyber-attacks in the industry are not always sophisticated, they can still cause physical damage and have a devastating impact on production. Researchers looked at numerous attacks over the last decade and found that geopolitics and espionage were key motivations behind many of them.
According to the report, infrastructure sabotage, insiders, ransomware and malware are the biggest threats facing the oil and gas industry.
Infrastructure sabotage occurs when an attacker collects information about the target and uses it to compromise systems or computer servers on the targeted network. This kind of attack can include altering the behavior of software, deleting or wiping specific content to cause disruption, or deleting or wiping as much content as possible on any machine accessible to the hackers.
According to the report, disgruntled employees and other insiders pose serious threats to the companies they work for. They can hurt companies by altering data to create problems or cause damage. Other examples of insider sabotage include employees who have deleted or destroyed data from corporate servers or shared project folders. These actors are sometimes motivated by financial gain and might steal intellectual property for themselves or a competitor.
Ransomware is one of the cyber threats that has gained increased attention as more and more oil and gas companies are hit. Last month, Pemex, a Mexican state oil and gas conglomerate, was hit with a ransomware attack that crashed its servers and affected 5 percent of the organization’s computers. According to the report, the goal of these kinds of attacks is to render the company unable to operate its normal business or unable to recover its lost data, so that it is more likely to pay the ransom.
According to the report, malware remains a dangerous threat to the oil and gas industry due to its ever-changing nature. Once a hacker is able to infiltrate a network using malware, the goal is to remain undetected. For this reason, hackers regularly update their malware to optimize the potential for cyberespionage.
To defend against these attacks, Trend Micro recommends companies invest in measures like domain name security, data integrity checks, SSL certificate monitoring, two-factor authentication for webmail, and improved employee training.
“Industrial control systems (ICS) manufacturers and integrators are beginning to understand the value of a comprehensive, layered approach to information security. In tandem, information security firms like Trend Micro are expanding their integration and analytical capabilities,” Malik said. “As the IIoT market consolidates, enterprises will have a clearer choice identifying superior, well-integrated and proven technology to protect their systems.”