Oil prices are rising globally. A few days ago, crude oil breached the $80 a barrel mark and the prices don’t seem to be cooling any time soon. Along with the rising prices, the cyberattacks on this sector have also shown a significant rise in the last few weeks indicating increasing hacker interest in the sector.
Hackers were always interested in the oil and gas sector
That’s a fairly easy assumption to make. This assumption is however backed by facts and data. In the last three years, attacks on this sector have risen by nearly 500 percent. The baseline cyberattack rates in the oil and gas sector are among the highest across industries. The average ransom paid by oil and gas companies is higher than those paid by their peers in other industries. Thus, hackers earn more for every breach or cyberattack they launch.
As we have seen in the case of the Colonial Pipeline attack, hackers are also interested in causing large-scale disruption while conveying a geopolitical message. All this makes oil and gas turn into a very lucrative sector for hackers and malware developers. You will be surprised to learn that as much as 19 percent of all malware developed is deployed and tested through attacks on the oil and gas sector. This includes attacks on gasoline storage facilities, pipelines, oil rigs (onshore and offshore), natural gas storage facilities, and refineries.
Lack of good cyber hygiene practices, use of untested and unsecured devices, improper/inadequate segmentation of various data streams (connected to IoT, OT, and IT), and lack of visibility into supply chain integrity are weaknesses that are impacting the cybersecurity posture of oil and gas companies. With oil and gas companies showing an unwavering focus on expanding production, controlling refining output, and on delivering petroleum products to consumers across geographies, cybersecurity sometimes ranks low on the list of their priorities.
What can be done
• Focus on gaining visibility into operations, networks, and supply chains
• Conduct vulnerability scans with greater frequency
• Use contextual threat intelligence to detect threats early
• Segment your networks to prevent lateral movement of malware
Interested in learning how you can secure your oil and gas infrastructure from cyberattacks? Meet us at GITEX and book your free consultation session with our cybersecurity experts now.
Try our threat intelligence feeds for 2 weeks for free.
Correlation between rising oil prices and cyberattacks on the O&G sector
If we were to compare the two charts above, one can correlate the two trends. The steep rise in crude prices has also led to a similar rise in the number of cyberattacks in this sector. In fact on September 28th, when the crude prices peaked at 80USD/barrel, the daily average number of oil and gas cyberattacks registered by our honeypots showed a peak as well.
However, while the crude oil prices declined during the next trading day, the cyberattacks continued to rise.