The energy sector’s importance is underscored by its designation as an “enabling function” across all critical infrastructure sectors, as per Presidential Policy Directive 21. A crucial pillar of the economy and a key element of national security, the sector now faces a new and alarming threat.
A recent report from UK-based threat intelligence company Searchlight Cyber has unveiled a chilling development. According to Dr. Gareth Owenson, CTO and Co-Founder at Searchlight Cyber, “This report demonstrates that energy companies are routinely discussed on dark web forums.” The discussions are not benign. Instead, they involve “threat actors auctioning initial access to remote software, VPNs, and stolen credentials.”
The report, based on an analysis of posts published between February 2022 and February 2023 on cybercrime forums, dark web sites, and marketplaces, reveals a growing trend of cyber threats targeting the energy sector. The targets include oil and gas and renewable energy firms in the US, Canada, UK, Italy, France, and Indonesia.
Dr. Owenson further explained that while corporate infrastructure is primarily exploited, ICS and OT are also in the firing line. This is particularly concerning given that these resources can allow even unsophisticated and low-skilled attackers to hack industrial systems.
Energy Sector ICS/OT Systems on High Alert
The fact that access to these ICS and OT systems is being auctioned for as little as $20 and up to $2,500, depending on the target’s size, location, and the potential for supply chain attacks, underscores the severity of the threat. This highlights the urgent need for robust cybersecurity measures in the energy sector.
“Energy organizations may not have historically considered themselves the primary target for financially-motivated cyberattacks emanating from the dark web,” said Dr. Owenson. However, he warned that “the cybersecurity landscape has changed dramatically over the past few years.”
Cybercriminals are no longer just focusing on asset-rich organizations like banks and insurance companies. They are increasingly targeting enterprises in industries such as healthcare, oil and gas, and manufacturing, to leverage the critical nature of these companies and extort ransoms. This makes dark web intelligence vital.
Recent findings indicate a worrying pattern among Chief Information Security Officers (CISOs) within the oil and gas sector. While a substantial 72% of these organizations actively collect data from the dark web, this percentage lags behind other high-risk sectors. For comparison, 85% of entities in financial services, 83% in manufacturing, and 81% in transportation are leveraging dark web intelligence.
Perhaps even more concerning is that over a quarter (27%) of oil and gas CISOs believe that dark web activities do not impact their companies. This perspective could leave them vulnerable to unseen threats and cyberattacks.
Ian Garratt, a threat intelligence analyst at Searchlight Cyber, shared this concern. He stated, “Access to ICS systems is undoubtedly the highest priority concern of security professionals at energy organizations.” The open discussion of this issue on dark web forums is likely to raise eyebrows. However, Garratt pointed out that it “allows defenders to assess the capability of attackers with this information and monitor their evolution as credible threats over time.”
In light of these findings, energy companies are urged to enhance their cybersecurity measures. Garratt underlined the need to “continuously monitor for evidence that their infrastructure – corporate or industrial – has been compromised.” He reminded us that “even compromised corporate systems can be enough to bring operational activity to a halt,” as demonstrated by the Colonial Pipeline incident.
What Should Organizations Do?
To mitigate these threats, energy organizations must take proactive measures to protect their systems. Here are some steps they can take:
- Enhance Cybersecurity Measures: Implement robust cybersecurity measures, including firewalls, encryption, and multi-factor authentication. Regularly update and patch systems to fix vulnerabilities.
- Continuous Monitoring: Monitor infrastructure continuously for potential compromises. Use dark web intelligence to identify potential threats and prepare defenses.
- Employee Training: Train employees on cybersecurity best practices. Many cyberattacks start with a phishing email or other social engineering tactics.
- Emergency Action Strategy: Establish a strategy that outlines procedures to isolate compromised systems, investigate the breach, inform affected parties, and retrieve data.
- Collaboration and Information Sharing: Collaborate with other companies in the energy sector and share information about threats and best practices. Collective defense can be an effective strategy against cyber threats.
- Leverage Dark Web Intelligence: Use dark web intelligence to identify potential threats and prepare defenses. This can provide valuable insights into the tactics, techniques, and procedures (TTPs) used by threat actors.
- Regulatory Compliance: Ensure compliance with all relevant cybersecurity regulations. This can help to avoid fines and legal issues, as well as improve security.
By implementing robust cybersecurity measures and leveraging dark web intelligence, energy organizations can proactively identify and counter threats. This approach allows them to fortify their defenses right from the start of any potential cyberattack, ensuring a more responsive and resilient security posture in the face of emerging threats.