A study from Alert Logic Inc. (a security monitoring company), “State of Cloud Security Bulletin: Information Security in the Energy Sector,” based on a survey from 2,300 customers collected over six months recently revealed U.S. energy companies are being cyber-attacked more than any other sector of the nation’s economy and may be more vulnerable than other sectors, due to their reliance on subcontractors.
Accordng to the U.S. Department of Homeland Security, the energy industry received 41 percent of all reported cyber attacks in 2012. Alert Logic’s energy industry customers faced nearly 9,000 threats between Jan. and May of the same year. About 67 percent of those companies experienced “brute force” attacks, where hackers tried to break into their system with multiple passwords, and 61 percent were attacked by malware or computer viruses attempting to steal information or take control of the system.
Some hackers feed on the vulnerability of subcontractors, who’s individual interests can be targeted via social media or other websites. Once the hacker has collected enough information about their individual target, they may use it to guess passwords or send a “phishing” email that will appeal directly to them. If the target clicks a link or opens an attachment, the hackers are able to steal the victims credentials or gain control of their computer. In this way, they exploit the subcontractor systems to gain access to major company systems.
Emile Trombetti, senior vice predient of the consulting firm Booz Allen Hamilton, experienced a hacker using a message that appeared to be from his daughter, saying “Dad, it’s an emergency.” Trombetti said he recognized the email as the hack attempt it was, but worries that people who are less familiar with security issues might not see through these messages right away.
Attackers may be able to access highly valuable information with stolen credentials, such as seismic survey data, deal financials, intellectual property and other material. Stephen Coty, Altert Logic’s director of threat research, said, “[Hackers] are wanting to know where [the energy company's] are drilling, what their secrets are, what’s the formula (for hydraulic fracturing fluids)…this is all data that people are interested in…even a major company overseas wants to know those formulas.”
Mr. Coty suggests companies protect themselves better by keeping software up to date, using firewalls and threat-monitoring software, and training employees and subcontractors alike in security awareness.
Subcontractors may make energy companies more vulnerable to cyberattacks — report, E&E News
Hackers targeting energy subcontractors for big steals, Fuel Fix
Hacking from below: Subcontractors can leave big companies vulnerable, My San Antonio