The number of cyber attacks against the energy sector has increased, creating great concern within the security community. Oil and gas firms are subject to continuous offensives by hacktivists and state-sponsored attackers; their activities are crucial for any country, and for this reason they are considered privileged targets.
Anonymous, for example, is conducting a new campaign dubbed OpPetrol to protest against the West’s domination of the world’s resources. The hacktivists are protesting against the energy sector over the adoption of the US dollar as the currency for oil exchange.
“Why this Op? Because petrol is sold with the dollar and Saudi Arabia has betrayed Muslims with their co-operation. So why isn’t petrol sold with the currency of the country which exports it,”
The Anonymous collective is threatening companies in the energy sector with a new wave of cyber attacks. The hackers may conduct distributed denial-of-service (DDoS) attacks, steal sensitive information from corporate systems, disclose sensitive information gathered during the attacks, and deface the companies' social media accounts and websites, but the principal risk is the possibility of sabotage of a critical system with specifically crafted malware.
This is a war without borders: the attacks from cyberspace will target companies working in the energy sector in various countries such as the UK, USA, Saudi Arabia, Kuwait, Qatar, Canada, Israel, China, Russia and many other countries.
Below is the list of targets provided by Anonymous:
The operation seems to target the following countries:
Governments that will be attacked
Companies that might be affected
Every industry involved in oil and gas is threatened. Private security firms such as Symantec have issued a specific warning to companies, inviting them to be extra vigilant when the campaign starts.
“Symantec advises organisations to be prepared for attacks in the coming days. Organisations should monitor for unusual activities in their networks, particularly any attempts to breach the perimeters,”
“Staff members should be specifically trained on social engineering mitigation tactics along with regular security awareness training. As always, we continue to stress the importance of implementing a multi-layered approach to defense.”
Anonymous said they had already compromised about a thousand websites, 35 thousand e-mail credentials and more than 100 thousand Facebook accounts as part of this campaign. While Anonymous threatens the oil and gas sector, many other suspicious attacks have hit the Iranian Oil Ministry’s computer network, according to Mehr News Agency.
The specific malware used to infect systems is a backdoor trojan known as Cycbot, which makes infected victims part of a huge botnet and steals sensitive information after deactivating the security processes that are running on the system. Antivirus and firewalls, therefore, are not enough for protection.
The agency revealed that the attacks on Iran’s Oil Ministry, the National Iranian Oil Company and some other companies failed. The infrastructure was reportedly down due to the cyber attack, but no information was leaked and no sabotage was successful.
The Iranian energy sector is continually attacked by foreign governments that try to sabotage it; similar attacks were carried out against Iran’s Oil Ministry between April and May of last year. The most striking one hit Iranian facilities in 2010, when Stuxnet was used to sabotage the national enrichment program.
In April 2011, the Iranian Government announced the discovery of the cyber espionage malware known as the Stars virus, the second agent to hit the country for this purpose after the popular malware Duqu, linked to the Stuxnet worm.
To respond to the attacks and ensure the security of cyberspace, the Government announced the establishment of a Supreme Council of Cyberspace.
The events demonstrate the great interest in state-sponsored operations against the energy sector of a hostile government such as the Iranian one. From a defensive point of view, the threat must be analyzed from the same perspective, no matter its origin. From the attacker's perspective, the concomitant actions of state-sponsored hackers, hacktivists and cyber criminals could advance each other.
Source code for the principal malicious agents is easy to find on the underground market; this malware could be used by any of the above actors to hit targets while hiding the real motivation of the offence and the nature of the attackers. The choice to use this code could benefit state-sponsored attackers by letting them spread a more sophisticated agent under a diversionary action; at the same time, cybercriminals and hacktivists could have everything necessary to attack strategic objectives without having particular knowledge.
The energy sector of most industrialized countries is still too vulnerable to cyber attacks, but what is really concerning is the level of knowledge necessary to cause serious damage: a recent report published by the US Government reveals that the country's critical infrastructures are vulnerable to cyber attacks and that everything the attackers need is available on the Internet.
Cyber security is a must for any government, not only for the energy sector.
Pierluigi Paganini
(Security Affairs – Cyber security, energy sector)