In the last 9 months, cyber attacks on global oil and gas companies have grown significantly. Over 20 percent of the total attacks are directed towards upstream companies with up to 7 percent of the attacks targeting exploration activities exclusively. This translates to just over 5 million sophisticated attacks each day. This data is from Subex’s research.
Using a mix of social engineering, insider extortion and complex malware deployment chains, hackers are able to create breaches and deploy multi-modal malware with ease. Hackers have also figured out ways to use the distraction created by local, regional or global events such as the ongoing Covid-19 pandemic to their advantage.
By deploying complex malware and breach tactics, hackers and malware developers are able to harvest information in batches from oil and gas companies. The information exfiltrated includes:
- Information on geological profile, reserve type, production capabilities
- Basin modeling information
- Well locations and seismic information.
- Information on whether the oil and gas company decides to go ahead with the lease or surrender the area
- Economic analysis data including probability of hypothetical reserves transitioning into proven ones.
Such data breaches is then used to extort money or sold to competitors, traders and other parties who can further monetize the information and further their own interests.
In some countries, hackers use cyberattacks to launch cyber kinetic attacks as well. Oil refineries and pipelines have been targeted extensively in the last 28 months.
Oil companies are also targeted in a systematic and coordinated manner across various streams. Beyond oil exploration, refining, transport, storage and supply infrastructure are also on the radar of hackers. Use of Internet of Things (IoT), Operational Technologies (OT) and Information Technology (IT) and convergence of these technologies creates islands of vulnerability.
You can learn more about ways to cyber secure your assets, operations, and infrastructure here.
Subex is working with oil and gas companies across the globe. We are securing their upstream, midstream and downstream operations and infrastructure.
Secure your Company using Subex Secure’s Solutions and deter Cyberthreats immediately.
Prayukth K V has been actively involved in productizing and promoting cross eco-system collaboration in the emerging tech and cybersecurity domains for over a decade. A marketer by profession and a published author, he has also proposed and promoted critical infrastructure protection strategies that rely on in-depth threat research and deflection strategies to deceive hackers and malware. Having been at the frontlines of cyber securing infrastructure, Prayukth has seen cyberattacks and defence tactics at close quarters.