Rising attacks on oil and gas infrastructure call for revamping cybersecurity practices

By Prayukth K V
February 10, 2022
Motives of cyberattacks and weakness in Oil and Gas Infrastructure that calls for a cybersecurity revamp
[et_pb_section][et_pb_row][et_pb_column type=”4_4″][et_pb_text]

After the recent cyberattacks on two oil suppliers in Germany, oil and gas infrastructure in two more European nations were targeted by hackers in the last two days. Such attacks have created a wave of operational disruption that has extended in some instances to Africa. This could give one an idea of the scale of these cyberattacks.

What could be driving these cyberattacks on Oil and Gas entities?

  • Data stolen from past cyberattacks that are being repurposed to re-target key systems
  • Large scale targeted phishing campaigns using stolen email lists
  • Experienced APT actors who have extensively conducted multiple reconnaissance runs undetected thereby harvesting 
  • Reports are emerging about the use of BlackCat ransomware. This is relatively new and sophisticated ransomware connected with ransom-as-as-a-service ops run by some hacker groups. These attacks involve waves of locking data and DDoS attacks
  • Lack of patching and adequate vulnerability management efforts

While there is very little information to figure out the exact reasons, one can certainly point to many cybersecurity weaknesses that are common to most, if not all, oil and gas industry players. These include:

  • Reduced network visibility during some phases of critical operations, thereby opening a window for hackers to exploit
  • Networks are not segmented on its into seperate zones and conduits with interconnected devices
  • Unpatched vulnerabilities
  • Existence of many OT systems and sub-systems that are running with less or no cybersecurity cover
  • Use of untested (from a cybersecurity point of view) IoT devices
  • Oil and gas operations have scaled significantly in the last decade. However, the cybersecurity methods and practices followed by the industry is yet to evolve to cover this growth
  • Some upstream operations such as exploration operate with a basic level of security. Hackers use these operations to enter interconnected networks through laterally moving malware 
  • Unsecured remote operations in offshore sites
  • In instances where barge and terminal operations are integrated or connected to some extent, malware can be injected in either to target the other
  • Use of shared passwords and lack of multi-factor authentication (MFA) for key connected assets
  • Lack of regular VAPT and cybersecurity drills to sensitize employees  

With continuing geopolitical tensions, oil and gas companies in countries across Europe and the Middle East will be on the radar of hackers for a long time. Each successful attack will also feed more attacks in the future and keep these companies vulnerable for a while.

In order to tackle such challenges, the cybersecurity goals should be integrated into the overall institutional culture and employees sensitized about their role in securing critical systems and infrastructure. Learn how a large Oil and Gas entity is using Sectrio’s capabilities in securing IoT and OT assets. Read the case study here: Securing IoT and OT assets for a large Oil and Gas company

Try our rich IoT and OT-focused cyber threat intelligence feeds for free, here: IoT and OT Focused Cyber Threat Intelligence

Planning to upgrade your cybersecurity measures? Talk to our IoT and OT security experts here: Reach out to sectrio.

Visit our compliance center to advance your compliance measures to NIST and IEC standards: Compliance Center

Improve your cybersecurity through OT and IoT focused threat intelligence feeds free for 15 days

Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

OT and IoT Security standards and Best Practices for CISO's

Download our CISO IoT and OT security handbook  

Access our latest Global Threat Landscape report  

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]

Key Points

Get the latest news and insights beamed directly to you


    Share

    Key Points

    Get the latest news and insights beamed directly to you


      Share

      Motives of cyberattacks and weakness in Oil and Gas Infrastructure that calls for a cybersecurity revamp

      Read More

      Protecting your critical assets is only a few steps away

      Scroll to Top