The energy sector is one of the key targets of cyberattacks, new research shows
The alarm bells have been ringing throughout the oil and gas sector as the price of a barrel of oil has plunged into negative territory. But while focus is fixated on the price of the commodity attainable on the market, the energy sector should be looking elsewhere: at its cybersecurity resilience.
A spearphishing campaign targeting the oil and gas sector has been launched in the last month, aimed at siphoning off internal data in much the same way that bandits tap oil pipelines to secrete away black gold. Researchers at Bitdefender have uncovered a number of efforts to tap into 150 different oil and gas companies worldwide, using the Agent Tesla spyware trojan.
How the attack works
The attack is a simple one: attackers have impersonated a popular engineering contractor based in Egypt called Enppi, or Engineering for Petroleum and Process Industries. The company has extensive experience in working on offshore oil and gas projects in a number of countries, including the United States, South Africa, Iran, Malaysia and Turkey – all of which have been targeted in the malware attack.
A second attempt to break into internal systems of oil and gas companies was even more carefully crafted: it used data about the movements of an oil tanker, which is used to transport cargo across the world, to try and convince people to click and allow the payload access to systems.
Let loose on oil and gas companies’ IT systems, the trojan logs keystrokes made on all computers attached to the network – potentially interesting information for whoever wants to get it.
A state sponsored attack?
The key question is who would want to gain access to the 150 firms targeted across the world. Some clues are given in the timing of the attack, which came around the historic OPEC+ deal which limited the production of oil in key countries in order to try and stop the steep price drop for the commodity.
That “suggests motivation and interest in knowing how specific countries plan to address the issue,” write the researchers. The attack also appears highly polished, inviting those who receive it to bid in an auction for equipment and materials to work on a well-known project. “To someone in the oil and gas industry, who has knowledge about these projects, the email and the information within might seem sufficiently convincing to open the attachments,” the researchers claim.
Targets include the world’s biggest producers
The geographical spread of the victims of the spearphishing campaign appears at first glance to be broad. But most of the reports Bitdefender received about the attack are focused on the United States, Iran and Malaysia – the former two of which are among the biggest oil producers in the world.
It’s also emblematic of the broader issue the energy sector is facing from cyberintrusions. Since October 2019, the number of attacks against oil and gas firms has steadily increased every month, peaking in February 2020.
“With over 5,000 malicious reports from companies that operate in the energy industry, cybercriminals seem to have taken a keen interest in this vertical, perhaps as it has become more important and strategic after recent oil price fluctuations,” the researchers say.
The question is whether, as the coronavirus crisis starts to normalise and presumably the price of a barrel of oil starts to steady alongside it, criminals will bother to target the energy industry with the same vigour as before.