Europe’s oil and gas industries face increased risk from advanced threat groups and others as they continue to build-out digitally-connected infrastructure, the sector’s executives have been warned.
Geopolitics and espionage increasingly motivate the cyber attackers that target the oil and gas industry and their supply chains, warns a report from Trend Micro, Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry. While these attacks are not always sophisticated, they are often targeted and impact production, the report found, which can cause significant damage.
“Oil and gas companies typically run sprawling operations with sites in hard-to-reach locations – remote monitoring for performance, quality control and safety, is therefore essential,” says Bill Malik, VP of Infrastructure Strategies at Trend Micro. “However, with bandwidth limitations and the focus on availability, communications are often left unencrypted.”
According to the report, the focus on data availability makes financially motivated ransomware attacks a critical risk for the industry. “Carefully planned and well-executed ransomware attacks can cost millions of dollars in damages and down time,” Malik adds. “Known cases of ransomware infecting oil and gas companies were designed to create the most havoc, which results in a higher likelihood of the perpetrators being paid.”
Additionally, oil and gas companies have increasingly come under the scrutiny of advanced threat groups, like APT33, which usually attack military and defence organisations with geopolitical agendas, according to the report. It adds that the sector is also at risk from attacks designed to steal sensitive information and financially-motivated ransomware.