The oil-and-gas industry has been taking a beating as severe as any other industry hit hard by the Covid-19 shutdown. Tanker ships loaded with crude idle in the ocean, traders struggle to store what has already been pumped, and prices per barrel have plummeted into negative sums. With all that going on, the industry is ripe for hackers to exploit.
In some cases, that’s already happening, says Tom Murphy, chief technology officer at network security provider Nuspire. Phishing and spear-phishing attacks are on the rise against Nuspire’s oil and gas clients, he says, and hackers are getting more sophisticated in avoiding detection.
“Normally, in an attack, you’d see poor grammar. But they’re getting better at that. Attacks are becoming more complex because so many people are working from home and are outside of their employers’ firewalls,” he says. Other tactics target employees and consumers looking for discounts in financially difficult times, such as prepurchasing gas at low prices or signing up for gas discounts.
Murphy is already seeing a 10 percent to 15 percent increase in the number of attacks targeting Nuspire customers, which include oil and gas consumers and companies, he says.
Similarly, Phil Neray, vice president of IoT and industrial cybersecurity at CyberX, says phishers are utilizing legitimate-looking requests for proposals and requests for quotes in their attacks, sometimes wrapped up as Zip files, to take advantage of the target’s desire to make (or save) money.
“When businesses are hurting, we should expect cybercriminals to send more of these phishing emails—especially if people aren’t remembering their cybersecurity training,” he says.
This story was originally commissioned by Dark Reading. Read the full story here.