Attacks on the oil and gas industry


Attacks on critical infrastructures are increasing, especially in building automation and the oil and gas industry. There are still dangerous trends in the first half of the year: targeted attacks and ransomware. Worms in particular serve as attack vectors in the oil and gas industry.

In the first six months of 2020, the percentage of attacked systems within the oil and gas industry and in building automation increased compared to the second half of 2019, as a current Kaspersky study shows. Even if attacks on industrial control systems (ICS, Industrial Control System) in other sectors are declining slightly, the Kaspersky experts have identified a dangerous trend: Cybercriminals are relying less on large-scale mass attacks and more on targeted attacks. In addition, there were more ransomware attacks on ICS systems, especially in the health sector.

Cyber espionage is often behind attacks

Attacks on industrial companies are dangerous, as they can result in both production interruptions and financial losses. The attacks are increasingly targeted and carried out by highly specialized attackers with extensive resources who aim not only for financial gain, but also for cyber espionage.

In the first half of 2020, the building automation and oil and gas industries were most frequently attacked. Cyber attacks against the latter can be particularly damaging to companies in view of the massive financial losses that have already occurred as a result of the current pandemic. The proportion of ICS computers on which malicious objects were blocked increased

  • from 38 percent in the second half of 2019 to 39.9 percent in the first half of 2020 in the building automation industry
  • and from 36.3 to 37.8 percent in the oil and gas industry.

Building automation in the sights of the attackers

Building automation systems are generally more exposed to attacks because they are more frequently connected to corporate networks and the Internet in general than, for example, an ICS computer in the oil and gas industry. In addition, these systems are not always managed by the in-house information security team, but rather by contractors - making them an easier target.

The rise in attacks on ICS computers in the oil and gas industry can be attributed to the development of a large number of worms in the scripting languages Python and PowerShell. These worms are malicious programs that replicate themselves on the infected device. They are able to collect authentication credentials from the memory of system processes using different versions of the Mimikatz program [2].

Trends: targeted attacks and more ransomware attacks against ICS

The increase in attacks in the oil and gas industry and in building automation was the exception in the first half of 2020: the proportion of systems attacked fell slightly in most other industries [3]. However, a dangerous trend is emerging: the attackers are likely to shift their focus from mass attacks to targeted and more complex threats such as backdoors (dangerous Trojans that gain remote control over the infected device), spyware (malicious programs used to steal data) or ransomware (which steals data and encrypts systems). Significantly more types of backdoors and spyware on the .NET platform were detected and blocked on ICS computers. The percentage of ICS computers affected by ransomware increased slightly in all industries in the first half of 2020 compared to the second half of 2019, with a number of attacks against medical facilities and industrial companies being observed.

Many companies are forced to work remotely

“The proportion of ICS computers under attack is declining in most industries,” said Evgeny Goncharov, security researcher at Kaspersky. “However, there are still threats to contend with. The more targeted and sophisticated the attacks are, the greater their potential to inflict significant damage - even if they occur less frequently. In addition, many companies are being forced to work remotely and log into corporate systems from home, making industrial control systems more vulnerable to cyber threats. With fewer personnel on site, fewer people are available to respond to and counter an attack, meaning the consequences can be far more devastating. Given that the oil and gas and building automation infrastructures appear to be a popular target for attackers, it is critical that these system owners and operators implement additional security measures.”

Kaspersky recommendations for protecting against threats to critical infrastructures

  • Regularly update operating systems and application software that are part of the company's industrial network. Fixes and patches for the ICS network equipment should be installed as they become available.
  • Perform regular security audits of OT systems to identify and eliminate possible vulnerabilities.
  • Use dedicated ICS solutions for network traffic monitoring, analysis and detection for better protection against attacks that could potentially compromise the company's technological process and key assets.
  • Offer dedicated ICS security training for IT security teams and OT engineers to improve response to new and advanced attack techniques.
  • The security team responsible for protecting industrial control systems should always have access to up-to-date information about threats. Kaspersky's ICS Threat Intelligence Reporting Service [4] provides insight into current threats and attack vectors as well as the most vulnerable elements in OT and industrial control systems and how to contain them.
  • Use security solutions for OT endpoints and networks such as Kaspersky Industrial Cybersecurity [5] to ensure comprehensive protection for all industry-relevant systems.
  • In addition, the IT infrastructure should also be protected. Kaspersky Integrated Endpoint Security [6] protects the company's end devices and enables automatic detection and response to threats.

Further results of the Kaspersky ICS CERT Report for the first half of 2020 are also available online.

More on this at Kaspersky.com

 


About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/


 
