Hacking

Hackers Target Oil Producers During COVID-19 Slump

Recent research shows that the oil industry — already experiencing difficulties due to COVID-19 — must remain abreast of threats to stay safe from hackers.

Spear-phishing is a rapidly emerging threat. It’s more specific than generic phishing attempts and often targets a single person or company. Recent research shows that the oil industry — already experiencing difficulties due to COVID-19 — must remain abreast of threats to stay safe from hackers. 

Cybercriminals Capitalizing on the Chaos

The coronavirus is forcing companies in most industries to operate substantially differently. Many may find it takes time to adjust to the changes. Others do not immediately have the resources for a major shift, such as having all employees work remotely. 

A related concern is that COVID-19 is both a new and anxiety-inducing issue. People want to learn as much as they can about it, and their haste may result in them clicking on links without thinking. Cybercriminals view these conditions as ideal for orchestrating their attacks. Data from Barracuda cybersecurity researchers identified a 667% increase in spear-phishing attacks between the end of February and the following month. 

Real-Life Examples of Spear-Phishing Attacks in the Energy Production Sector

The threat of spear-phishing for energy companies is, unfortunately, not a theoretical one. Coverage published in late April by Bitdefender illuminated a carefully executed attack. The research team found evidence of a campaign occurring March 31, whereby hackers impersonated a well-known engineering company with experience in on- and off-shore energy projects. 

The messages — which did not include many of the telltale signs of phishing like spelling and grammatical errors — asked recipients to submit equipment and materials bids for the Rosetta Sharing Facilities Project. Participants would do so on behalf of Burullus, a gas joint venture partially owned by another Egyptian state oil brand. 

The emails also contained two attachments, which were supposedly bid-related forms. Downloading them infected a user’s system with a type of trojan spyware not previously seen in other utilities industry cyberattacks. The effort targeted oil companies all over the world, from Malaysia to South Africa, in a single day. 

Bitdefender’s research team also uncovered a more geographically specific spear-phishing attempt to target the gas sector on April 12. It centered on a relatively small number of shipping companies based in the Philippines. The emails asked them to send details associated with an oil tanker vessel and contained industry-specific language. This spear-phishing campaign occurred over two days. 

The cybersecurity experts that studied these attacks stressed that, since the messages contained accurate details about real-life companies and events associated with the oil industry, the attackers took the time to research to craft maximally convincing content. 

Hackers Love Causing Severe Disruptions

Why are cyberattacks in the energy industry suddenly on the rise? One reason may stem from the way hackers often deploy tactics to cause tremendous harm to necessary services. The oil industry operates on a vast scale. For example, a company specializing in oil and gas exploration planned as much as 300,000 feet of total footage for drilling in one region during 2018. 

The ability to get such impressive outcomes undoubtedly helps oil companies. The increased scale also may make it more necessary to safeguard against cyberattacks, especially as criminals look for ways to cause the most damage. Another recent incident, announced in a United States government alert on February 18, shut down a natural gas compression facility. Operations stopped for two days, causing losses in productivity and revenue. 

Although the publication did not name the energy company, it mentioned that the hackers depended on spear-phishing to get the credentials necessary for entering the businesses’ information technology (IT) network. It then used that access to wreak havoc on the enterprise’s operational technology infrastructure. 

Not a New Concern

Utilities industry cyberattacks have long worried cybersecurity analysts. If concentrated efforts from hackers shut down the electric grid, the effects could be long-lasting and hit virtually every industry and consumer in the affected areas. The risks to the energy sector began before the coronavirus pandemic, too. 

In November 2019, cybersecurity publications discussed a ransomware attack on Petróleos Mexicanos, Mexico’s largest oil and gas company. The perpetrators asked for 562 bitcoins to restore the data. The affected enterprise did not comply, and it had important data backed up. 

Toll Group, an Australian transportation and logistics company with oil and gas companies as clients, suffered a ransomware attack this spring. It was the second such issue in four months, with the first happening in February. 

The Energy Industry Must Remain Vigilant

The challenges posed by COVID-19 and its effect on oil prices may make the respective parties feel the impacts of cyberattacks in the energy industry more acutely. An ideal aim is to prevent those events rather than dealing with the damage afterward. Paying attention to cybersecurity vulnerabilities can help companies make meaningful gains and stay protected.

About the author

Kayla Matthews is a technology and cybersecurity writer, and the owner of ProductivityBytes.com. To learn more about Kayla and her recent projects, visit her About Me page.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – COVID-19, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 hour ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

13 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

17 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

23 hours ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.