Colonial Pipeline fuels a surge in attacks on oil and gas
Looking back at cyber-attacks over the last quarter, Colonial Pipeline easily holds the beacon for the incident that prompted the most concern. The well-publicised attack caused fuel shortages across the East Coast of the United States, resulting in people missing work, children missing school, looting and fires, putting lives at serious risk. Finally, the world was seeing what the security industry had been predicting for years – cyber-attacks having a physical impact and interfering with people’s daily lives.
Following the incident, the US government stepped up its focus on cyber security, with President Biden introducing new laws around the security of critical national infrastructure and warning the Russian President that the sector should be off-limits when it comes to cyber attacks.
However, based on Obrela’s latest Digital Universe Study, Biden’s warnings are having little effect, with data from the last quarter showing that cyber attacks on oil and gas have significantly increased across the industry’s entire IT estate in the last three months.
Obrela’s Digital Universe Study
Every quarter releases its Digital Universe Study, which is a roundup of the attacks targeting our customers from the last three months. The study runs a comparison from the same quarter in the previous year to understand how attacker techniques are changing, which industries and continents are facing the most attacks and what within the IT infrastructure is being attacked most frequently.
Key findings from the April – June 2021 revealed:
- Oil and gas was one of the only industries to consistently see an increase in attacks on its systems, while many other industries actually saw a reduction
- The industry saw:
- An 18 percent increase in attacks on its users and endpoints
- A 22 percent increase in attacks on its cloud environments
- A 12 percent increase in attacks on its IT infrastructure
- A 29 percent increase in attacks on its system / perimeters
- A 14 percent increase in web attacks
- A 22 percent increase in APT / malware attacks
The data highlights that as the world watched Colonial Pipeline fall to its knees at the hands of ransomware, attacks on the whole oil and gas sector were heating up as cybercriminals across the globe tried to cash in on other pipelines.
The latest victim is Saudi Aramco, the world’s most valuable oil producer, which is currently being held to ransom by cybercriminals for $50 million following a leak of its data on the dark web. This reinforces the findings of Obrela’s data – attacks on oil and gas are rising and we should expect them to get worse as cybercriminals test the industry’s defences.
“Even despite President Biden’s warnings in June that critical national infrastructure should be off-limits, our data reveals that the oil and gas sector is a prime target for cybercriminals today, which has most likely been prompted by the attack on Colonial Pipeline. When Colonial Pipeline publicly admitted to paying the ransom, attackers gained intelligence around how a successful attack on the sector is almost guaranteed to amount in a pay-out. The sector is at a greater risk than ever before and addressing security risks and hardening systems must be the number one priority,” said George Papamargaritis, MSS Director at Obrela.
Additional findings from the study revealed that:
- The healthcare sector saw a 71 percent increase in attacks on IoT
- Q2 2021 saw a 58 percent decrease in attacks on banking and finance users and endpoints
- Q2 2021 saw a 66 percent decrease in attacks on banking and finance IT infrastructure
- Q2 saw an 88 percent increase in brand attacks within the food and beverages sector