According to a recently released report, cyber attacks against global oil and gas facilities are on the rise. The report by cybersecurity vendor Dragos Inc. indicates these threats could have devastating consequences and cautions industrial control system (ICS) operators to ramp up security.
“The oil and gas industry is a valuable target for adversaries seeking to exploit industrial control systems environments,” the report says. “As the number of attacks against ICS overall is increasing, adversaries with specific interest in oil and gas companies remain active and are evolving their behaviors.”
At various stages of oil and gas operations, from exploration and production to customer distribution, operational technology is in close proximity to information technology networks. The report, titled “Global Oil and Gas Cyber Threat Perspective,” looks at disruption events from cyber attacks across three different stages of operations: upstream, midstream, and downstream.
According to the report, oil and gas companies are at increased risk due to the numerous intrusions into ICS networks for reconnaissance and research purposes, and adversary use of destructive malware at their facilities. One of the main threats is tied to the supply chain of these operations, which can be compromised by hackers targeting equipment manufacturers, third-party vendors, and telecommunications providers.
Dragos believes that the oil and gas industry is at particular risk for cyber attacks because of the impact the industry has on the economy and political climate and because processes in this industry are highly volatile. Additionally, cyber attacks on oil and gas operations carry a high risk of destruction and loss of life. For this reason, Dragos believes state-associated hackers will increasingly target oil and gas and related industries to further political, economic, and national security goals.
Despite the risk inherent to oil and gas, there remains little cybersecurity visibility in the industry’s operational environments. Dragos claims this is why intrusions in these operations go undetected for longer periods of time. Additionally, this lack of visibility prevents analysts from determining root causes after an attack.
“As adversaries that target ICS environments improve their capabilities, they can more easily execute difficult attacks that cause operational disruptions or environmental damage,” the report says. “Due to the political and economic impact, and direct effect on civilian lives and infrastructure, the oil and gas industry has a high risk for ICS targeted destruction and disruption campaigns originating from a cyberattack.” Targeting oil and gas can have some very real and serious consequences.
In addition to its overall findings, the report includes details of a new threat group currently targeting oil and gas facilities. Hexane has been active since 2018, and has also targeted telecommunications companies in the Middle East, Central Asia, and Africa. The report also includes information on eight other ICS-targeting groups.
To combat these threats, the report provides a series of recommendations. These include taking a comprehensive approach to visibility into ICS/OT environments so that there is no visibility gap, and segmenting and isolating networks to limit adversary lateral movement. Dragos also recommends assessing asset-owner-hosted, publicly posted information and data that could yield sensitive information usable by an adversary. Additionally, companies should develop, review, and practice cyber attack response plans and integrate cyber investigations into root-cause analysis for all events.