Trend Micro Incorporated has announced the findings of new research on the cyber risks facing the oil and gas industry. The research found that the oil and gas industry and its supply chain face increased risk from advanced threat groups and others as they continue to build out digitally connected infrastructure.
The latest in-depth report from Trend Micro draws on insights into almost a decade’s worth of cyberattacks against the sector, finding that geopolitics and espionage motivate attackers targeting the oil and gas industry. While these attacks are not always sophisticated, they are often targeted and impact production, which can cause real-world damage.
As the report reveals, oil and gas companies typically run sprawling operations with sites in hard-to-reach locations. Remote monitoring for performance, quality control and safety is therefore essential, but with bandwidth limitations and the focus on availability, communications are often left unencrypted.
The focus on data availability makes financially motivated ransomware attacks a critical risk for the industry. Carefully planned and well-executed ransomware attacks can cost millions of dollars in damages and downtime. Known cases of ransomware infecting oil and gas companies were designed to create the most havoc, which results in a higher likelihood of the perpetrators being paid.
Additionally, oil and gas companies have increasingly come under the scrutiny of advanced threat groups, like APT33, which usually attack military and defence organisations with geopolitical agendas. The sector is also at risk from attacks designed to steal sensitive information and financially motivated ransomware.
In the report, Trend Micro Research details a wealth of tools and techniques readily available for attackers in cybercriminal underground forums, including DNS hijacking, phishing of VPN and webmail services, zero-day exploits, webshells, mobile malware and more.
Trend Micro recommends a range of defensive strategies to mitigate the cyber threats facing oil and gas firms, including:
- Domain name security, such as two-factor authentication for changes to DNS settings
- Data integrity checks
- Implementing DNSSEC
- SSL certificate monitoring
- Two-factor authentication for webmail
- Improved employee training
- Comprehensive risk assessment of cloud services
“Industrial cybersecurity is not hopeless. We sometimes forget that in complex environments with appropriate security controls, the attacker is the one who has to get everything right,” said Bill Malik, Vice President of Infrastructure Strategies for Trend Micro. “Industrial control systems manufacturers and integrators are beginning to understand the value of a comprehensive, layered approach to information security. In tandem, information security firms like Trend Micro are expanding their integration and analytical capabilities. As the IIoT market consolidates, enterprises will have a clearer choice identifying superior, well-integrated and proven technology to protect their systems.”