
Oil and Gas Cyber-Espionage Hits Companies in USA and EU – Is Asia Next


Cyber-Espionage Hits Oil and Gas Companies in USA and EU – Is Asia Next?

More than 1000 energy companies in North America and Europe have been affected by a huge cyber-espionage campaign operating secretly since at least 2011. The companies affected are thought to be some of the biggest names in the industry, thereby raising the question that if companies in North America and Europe have succumbed to this cyber-attack, is Asia next?

www.cyberoilandgas.com

Date: 1st July 2014

More than 1,000 energy companies in North America and Europe have been compromised in a huge malware attack unearthed by US security firm Symantec.

Eighty four countries were affected, although most of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.

The hackers are thought to be part of an Eastern European collective known as Dragonfly, which has been in operation since at least 2011.

[The group] has been targeting organisations that use industrial control systems (ICS) to manage electrical, water, oil, gas and data systems.

“Its primary goal appears to be espionage,” Symantec said.


The oil and gas sector is one of the most targeted by cyber-attacks, yet it is notably resilient compared to others. The majority of publicly reported attacks involve government, the manufacturing sector and IT companies. Although the oil and gas sector, as the fifth most targeted sector worldwide, faces a comparable volume of attacks, the number of damaging cybersecurity incidents arising from these attacks is far lower. This should not, however, imply that the sector is safe by any means, as the latest attack, Dragonfly, has demonstrated.

This is because the damage that a single cyber-attack can inflict on an oil and gas company is significantly higher than against other sectors. The effects could disrupt energy security, cause an environmental incident or even result in the loss of life should vulnerable industrial control systems be affected.

Stuxnet was the big wakeup call regarding the damage a cyber-physical attack against vulnerable SCADA systems can cause. Thankfully, attacks of this nature have been rare due to the planning and expert knowledge required to successfully conduct such an attack – until now:

What Does This Mean For The Oil and Gas Sector?


The attack is similar to the Stuxnet computer worm, which was designed to attack similar industrial controllers in 2010 and reportedly ruined almost 20% of Iran’s nuclear power plants. Symantec said Dragonfly “bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability”.

Symantec said Dragonfly had accessed computers using a variety of techniques, including attaching malware to third-party programs, emails and websites, giving it “the capability to mount sabotage operations that could have disrupted energy supplies across a number of European countries”.

It had used Backdoor.Oldrea to gather system information, including the computers’ Outlook address book and a list of files and programs installed, and Trojan.Karagany to upload stolen data, download new files and run them on infected computers, Symantec said.

Dr Andrew Rogoyski, chair of techUK Cyber Security Group, told the BBC that “on the face of it, the attacks seem much more benign than Stuxnet but time and further analysis will tell.”


At present, the identity of the attackers remains unknown, along with their intentions beyond espionage. What this attack does demonstrate, however, is that large-scale cyber-attacks are taking place and are affecting some of the biggest and most important companies in the world. It also suggests that there are likely to be other attacks operating undetected. Given these trends, it is prudent to suspect that similar attacks are either already affecting oil and gas companies in Asia, or will in the near future. This Dragonfly incident has demonstrated that it is no longer a matter of “if” a cyber-attack will hit your company, but now a matter of “when”.

In the case of the Stuxnet attack, the attackers had inside knowledge of the target’s IT infrastructure and were able to transmit the virus via USB stick, thereby subverting the air-gapped target SCADA system. Due to the technical complexity and effort needed in this attack, it was assessed that similar attacks would be unlikely and the majority of cyber-threats would continue to arise from more traditional sources such as malware, email attachments, phishing and watering hole attacks, amongst others.

However, what Dragonfly has demonstrated is that these traditional attack methods are still proving effective at penetrating the systems of over 1000 companies in the energy sector. In addition to this, there is nothing to suggest that oil and gas companies based in Asia are any more secure than those based elsewhere, especially for the multi-national oil and gas companies with operations around the world.

Cybersecurity is risk based, meaning that the investment into strengthening it must be related to the potential severity of a cyber-incident combined with its likelihood. According to PwC’s “Global State of Information Security® Survey 2014”, between 2012 and 2013, oil and gas companies detected on average 179% more security incidents and financial losses increased an average of 470%. In response to this trend, cybersecurity budgets have grown as well, rising by a substantial 32% over the same time period. However, the wide-reaching Dragonfly attacks suggest that, despite significant increases in IT security budgets, offensive cyber-threats are still proving more effective than the defences.

Whilst the following of best practice cybersecurity precautions will remain essential, the big question this recent attack needs to raise in the boardroom is whether the balance of risk and investment into cybersecurity should be re-evaluated. How much more investment and training is needed to effectively counter this trend of rising threats and security incidents facing the oil and gas sector?

The Dragonfly attack successfully penetrated the cyber-defences of thousands of energy companies, but only to the effect of conducting espionage. Will targeted organisations get off so lightly next time and do we know the extent of the cyber-espionage and associated attacks currently operating?

Considering the importance of the systems and the value of the data at risk, significantly greater investment and effort is needed to adequately protect the oil and gas sector from cyber-attacks, lest the industry experience another more damaging attack sooner rather than later.

The Dragonfly Attacks Affected Companies in North America and Europe – Is Asia Next?

What Can the Oil and Gas Industry do to Combat These Threats?


Main Conference: 12th – 13th August 2014

Pre-Conference Workshops: 11th August 2014

Post-Conference Workshops: 14th August 2014

Venue: Kuala Lumpur, Malaysia

Protect Your Company Data and Critical Operations from Devastating Cyber-Attacks by Attending Asia’s Only Cybersecurity Event for the Oil, Gas and Petrochemical Sector!

Nowhere else can you meet the leading IT security experts from Asia’s major oil, gas and petrochemical operators from across the region, including PETRONAS, Shell, ConocoPhillips and Daleel Petroleum. Enhance your knowledge and skills by learning from the EC-Council, (ISC)² and SANS Institute accredited cybersecurity experts by attending our in-depth technical workshops.

Sources:

http://www.bbc.com/news/technology-28106478

PwC The Global State of Information Security® Survey 2014
