Dragos recently published the Oil & Natural Gas Cyber Threat Perspective which provides an overall assessment of risk to the Oil & Natural Gas (ONG) sector from cyber threats. The ONG industrial sector is a crucial foundation for other industrial sectors and for civil society in providing critical resources that enable operations in other industrial sectors. Based on our research, the cyber risk to the ONG sector is high due to the increasing number of adversaries targeting oil & natural gas industrial organizations.
Some of the key findings of the threat perspective are:
- The cyber risk to ONG organizations in North America, Europe, South America, and Asia-Pacific is increasing. At the same time, risk to the Middle East and North Africa remain at a high level as before.
- According to Dragos research, between 2018 and 2021 the number of ransomware attacks on industrial control system (ICS) entities increased over 500 percent, with five percent of attacks impacting ONG entities.
- Oil and gas adversaries target and can exploit internet-exposed assets, remote access, and insecure vendor or third-party access and introduce serious risk to the operations environment.
Current Threats Target All Major Stages of ONG Operations
A disruption event from a cyber attack at an ONG facility can occur at any point across the three major stages of ONG operations: upstream, midstream, or downstream. This can come from:
- Activity Groups (AGs) targeting ONG interested in espionage and prepositioning for disruptive effects.
- Ransomware groups looking to disrupt operations for quick, high-value payouts and vulnerabilities.
- Critical cybersecurity issues impacting Operational Technology (OT) networks.
Our cyber threat perspective details 10 Activity Groups that Dragos tracks in the ONG sector. These include:
Ransomware is the most significant and most prolific ongoing threat to ONG companies for the ONG industrial sector. According to Dragos data, between 2018 and 2021 the number of ransomware attacks on industrial control systems (ICS) increased over 500 percent, with five percent of attacks impacting oil & gas entities. Additionally, ransomware adversaries are increasingly adopting ICS-specific process kill lists, demonstrating the ability to stop industrial processes in the OT environment. EKANS, Megacortex, and Clop are examples of ransomware that contain this type of code.
Common Attack Scenarios for Global ONG
Our cyber threat perspective also covers an overview of threats to the ONG sector and breaks these threats down by operational segmentation. We provide assessments by region and offer an overview of vulnerabilities that adversaries weaponize and exploit in this sector.
The top 5 attack scenarios targeting ONG are:
- OT Network Remote Access Exploitation
- Disruptive or Destructive Ransomware Events
- OT Cloud Compromise
- Supply Chain Compromise
- Joint Ventures
The report discusses ICS impacts from these threats and provides examples from actual attacks including the Colonial Pipeline cyber incident.
How to Defend Against Cyber Threats
Finally, the threat perspective provides detailed recommendations on how cybersecurity professionals can defend their ICS/OT networks against cyber threats. The list of recommendations includes:
- Defensible Architecture Recommendations
- Monitoring and Visibility Recommendations
- ICS Incident Response Plans
- Remote Access Authentication
- Key Vulnerability Management
Learn more about the current threat landscape for global ONG with defensive recommendations on how to reduce cyber risk by downloading our cyber threat perspective here.
Ready to put your insights into action?
Take the next steps and contact our team today.