Cybersecurity

DALLAS–The oil and gas industry and its supply chain face increased cyberrisks from advanced threat groups and others as they continue to build out digitally connected infrastructure, warns a report from Trend Micro Inc., an information security firm.

“Drilling Hard: A Look at Cyberattacks on the Oil and Gas Industry,” written by Feike Hacquebord and Cedric Pernet, draws on almost a decade’s worth of cyberattacks against the sector, and finds that geopolitics and espionage motivate those assaults, Trend Micro says. It adds that while those attacks are not always sophisticated, they often target and impact oil and gas production, which can cause real-world damage.

“Industrial cybersecurity is not hopeless. We sometimes forget that in complex environments with appropriate security controls, the attacker is the one who has to get everything right,” says Bill Malik, vice president of infrastructure strategies for Trend Micro. “Industrial control systems manufacturers and integrators are beginning to understand the value of a comprehensive, layered approach to information security.”

In addition, the report points out information security firms are expanding their integration and analytical capabilities. As the Industrial Internet of Things market consolidates, Trend Micro predicts enterprises will have a clearer choice identifying superior, well-integrated and proven technology to protect their systems.

“Drilling Hard” says oil and gas companies typically run sprawling operations with sites in hard-to-reach locations. Remote monitoring for performance, quality control and safety is therefore essential, but it notes bandwidth limitations and the focus on availability means communications often are left unencrypted.

Constant monitoring is critical for field operations, Trend Micro assesses, with strict visibility on temperature, pressure, chemical composition and possible leaks. Onsite production equipment, as well as safety instrumented and emergency stop systems are vital, and they typically are monitored and controlled remotely. All these connected systems potentially can be compromised by an attacker, the report says.

Oil and gas companies have little incentive to encrypt data flowing from sensors, but Trend Micro warns lack of communication data integrity checks leaves open the possibility of sabotage attacks on wells and refineries.

“The focus on data availability makes financial ransomware attacks a critical risk for the industry,” the report cautions. “Carefully planned and well-executed ransomware attacks can cost millions of dollars in damages and downtime. Known cases of ransomware infecting oil and gas companies were designed to create the most havoc, which results in a higher likelihood of the perpetrators being paid.”

Stealing Data

Additionally, Trend Micro says oil and gas companies increasingly are coming under the scrutiny of advanced threat groups, such as APT33, which usually attacks military and defense organizations with geopolitical agendas. The security firm adds the sector also is at risk from attacks designed to steal sensitive information and financially motivated ransomware.

The report details a wealth of tools and techniques readily available for attackers in cybercriminal underground forums, including DNS hijacking, phishing of VPN and webmail services, zero-day exploits, webshells, mobile malware and more.

Certain threat actors deploy types of malware that are specifically crafted to destroy or sabotage the computer servers, control systems or networks of factory facilities, with versions of wiper malware used in attacks against the oil industry. Trend Micro cites the Stuxnet malware launched against Iranian centrifuges in the country’s uranium enrichment facility as one example. Another is Industroyer, malware targeting industrial control systems used in electric substations.

“Companies in the oil and gas industry should be wary of these threats,” Trend Micro recommends. “An additional concern is the fact that specific malware is not always needed to successfully compromise a certain facility. Any remote access tool that would allow an attacker to gain access to a Human Machine Interface for equipment would imply serious risks.”

Trend Micro recommends a range of defensive strategies to mitigate the cyber threats facing oil and gas companies, including:

• Upgrading domain name security, including requiring two-factor authentication for DNS settings;
• Installing data integrity checks;
• Implementing domain name system security extensions and SSL certificate monitoring;
• Requiring two-factor authentication for webmail;
• Improving employee training; and
• Conducting comprehensive risk assessments of cloud services.

“Oil and gas facilities are critical infrastructures creating vital products for economies around the world,” Trend Micro says. “Protecting the supply chain is not simply a significant matter for enterprises involved in manufacturing the products but also for those who depend on and consume the products.”