After the recent cyberattacks on two oil suppliers in Germany, oil and gas infrastructure in two more European nations were targeted by hackers in the last two days. Such attacks have created a wave of operational disruption that has extended in some instances to Africa. This could give one an idea of the scale of these cyberattacks.
What could be driving these cyberattacks on Oil and Gas entities?
- Data stolen from past cyberattacks that are being repurposed to re-target key systems
- Large scale targeted phishing campaigns using stolen email lists
- Experienced APT actors who have extensively conducted multiple reconnaissance runs undetected thereby harvesting
- Reports are emerging about the use of BlackCat ransomware. This is relatively new and sophisticated ransomware connected with ransom-as-as-a-service ops run by some hacker groups. These attacks involve waves of locking data and DDoS attacks
- Lack of patching and adequate vulnerability management efforts
While there is very little information to figure out the exact reasons, one can certainly point to many cybersecurity weaknesses that are common to most, if not all, oil and gas industry players. These include:
- Reduced network visibility during some phases of critical operations, thereby opening a window for hackers to exploit
- Networks are not segmented on its into seperate zones and conduits with interconnected devices
- Unpatched vulnerabilities
- Existence of many OT systems and sub-systems that are running with less or no cybersecurity cover
- Use of untested (from a cybersecurity point of view) IoT devices
- Oil and gas operations have scaled significantly in the last decade. However, the cybersecurity methods and practices followed by the industry is yet to evolve to cover this growth
- Some upstream operations such as exploration operate with a basic level of security. Hackers use these operations to enter interconnected networks through laterally moving malware
- Unsecured remote operations in offshore sites
- In instances where barge and terminal operations are integrated or connected to some extent, malware can be injected in either to target the other
- Use of shared passwords and lack of multi-factor authentication (MFA) for key connected assets
- Lack of regular VAPT and cybersecurity drills to sensitize employees
With continuing geopolitical tensions, oil and gas companies in countries across Europe and the Middle East will be on the radar of hackers for a long time. Each successful attack will also feed more attacks in the future and keep these companies vulnerable for a while.
In order to tackle such challenges, the cybersecurity goals should be integrated into the overall institutional culture and employees sensitized about their role in securing critical systems and infrastructure. Learn how a large Oil and Gas entity is using Sectrio’s capabilities in securing IoT and OT assets. Read the case study here: Securing IoT and OT assets for a large Oil and Gas company
Try our rich IoT and OT-focused cyber threat intelligence feeds for free, here: IoT and OT Focused Cyber Threat Intelligence
Planning to upgrade your cybersecurity measures? Talk to our IoT and OT security experts here: Reach out to sectrio.
Visit our compliance center to advance your compliance measures to NIST and IEC standards: Compliance Center