Michael McDonnell, GCIA, GCWN, MLIS, Director Enterprise Services, Vcura Canada Incorporated, [email protected] http://linkedin.com/in/itpromichael. Energy Sector Cyber-threats: HACKTIVISTS, ESPIONAGE, AND CYBERWAR
A survey of Information Security threats relevant to the Energy Sector, Oil & Gas, from 2008-2014. Night Dragon, Dragonfly, The Mask, Hacktivism, and Cyberwar are covered.
1. Energy Sector Cyber-threats HACKTIVISTS, ESPIONAGE, AND
CYBERWAR Michael McDonnell, GCIA, GCWN, MLIS Director Enterprise
Services Vcura Canada Incorporated [email protected]
http://linkedin.com/in/itpromichael
2. Poland 2014 ENERGY COMPANIES NOTIFIED OF BREACHES EXPLORING
THE DARKNET 2
3. Poland (2014) Spear-phishing Attacks
4. Sandworm Targets: Government & Corporate
5. Sandworm and SCADA
6. Hacktivists, Espionage, & Cyberwar.
Hacktivists: #OpPetrol, #OpFuelStrike, Operation Green Rights, Shamoon.
Espionage: Night Dragon, Dragonfly, LightsOut, Energetic Bear, The Mask, Clandestine Fox.
Cyberwar: Stuxnet, Duqu, Flame, Shamoon, Kharg Island.
7. Hacktivists
8. Operation Green Rights (2011)
9. #OpFuelStrike (2012)
10. #OpFuelStrike (2012)
11. #OpFuelStrike (2012) OOOOPS!
12. #OpPetrol (2013): Why this Op? Because Petrol is sold with
the dollar ($) and Saudi Arabia has betrayed Muslims with their
cooperation. So why isn't Petrol sold with the currency of the
country which exports it? Because the Zionists own us like this!
Historically, the Currency of Muslims was not the paper money that
you know today, it was Gold and Silver. The new world order
installed their own rules so that they can control us like
robots.
13. AnonGhost & #OpPetrol
14. #OpPetrol (2014)
15. Shamoon (2012)
16. Cutting Sword of Justice: Too vague & convenient
17. It's the Cold War All Over Again
18. [Enter the] Night Dragon (McAfee, 2008). Target: confidential
information, in particular oil resource data; lost data detailing
the quantity, value, and location of oil discoveries around the
world. Marathon Oil, ConocoPhillips, Royal Dutch Shell, BP, Exxon Mobil,
BG Group, Chesapeake Energy, others.
19. Night Dragon (2008) aka China: Social Engineering, Spear
Phishing, Exploitation, Active Directory Compromise, Remote Admin
Tools (RATs)
20. Night Dragon (2008): Anatomy of a Hack
21. Norway 2014 ENERGY COMPANIES NOTIFIED OF BREACHES
22. StatOil Confiscated 40 Infected Computers
23. Norway 2014. Victim: 300 oil companies warned of attacks by
NorCERT; 50 were confirmed to be breached, including StatOil. Stolen:
passwords, industrial drawings, and contracts. Attacker: Energetic
Bear / Dragonfly (The Russians). Started March 2014 & still
ongoing!
24. Targeted Attacks: They (the hackers) have done research
beforehand and gone after key functions and key personnel in the
various companies. Emails that appear to be legitimate are sent to
persons in important roles at the companies with attachments. If
the targeted employees open the attachments, a destructive program
will be unleashed that checks the target's system for various holes
in its security system. If a hole is found, the program will open a
communications channel with the hackers and then the "really
serious attack programs" can infect the targeted company's computer
system. -- Hans Christian Pretorious, NMS Director of
Operations
25. Dragonfly aka Energetic Bear aka Russia
26. Norway: it was Dragonfly aka Russia
27. LightsOut (2013, 2014)
28. LightsOut, Dragonfly, Havex
29. Clandestine Fox (2014)
30. Clandestine Fox (2012)
31. Careto: The Mask (2014)
32. Shamoon/Disttrack/Wiper (2012)
33. The Escalation of Espionage
34. Cyber-espionage is growing month-to-month: The number of
cyber espionage operations is growing from one month to the next.
Some of these operations stand out for various reasons:
sophisticated malware, skills of the cybercriminals, or the
resources that enable them to continue their espionage activities
for a long period or buy expensive zero-days. Any of the above may
indicate that an espionage operation is connected with the work of
government-controlled structures but proving this connection is
extremely difficult; it is the work of investigation agencies,
rather than IT security companies. -- Alex Gostev, Chief Security Expert,
Kaspersky Labs, October 2014
35. Verizon DBIR 2014: Attacker Motivations
36. Verizon DBIR 2014: 2013 vs Past
37. DBIR 2014: by Industry
38. Espionage and Records Management: The purpose of records
management is part of an organization's broader activities that are
associated with the discipline or field known as Governance, Risk,
and Compliance (or "GRC") and is primarily concerned with the
evidence of an organization's activities as well as the reduction
or mitigation of risk that may be associated with such evidence.
-- Anthony Tarantino (2008-02-25). Governance, Risk, and Compliance
Handbook. ISBN 978-0-470-09589-8.
39. APT Life Cycle
40. Norway 2014, Poland 2014, Calgary 2012: ENERGY COMPANIES
NOTIFIED OF BREACHES