The oil and gas industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) environments. As the number of attacks against ICS overall is increasing, adversaries with specific interest in oil and gas companies remain active and are evolving their behaviors. Dragos recently discovered a new activity group targeting this space, HEXANE, bringing the total number of ICS-targeting activity groups Dragos tracks to nine, five of which directly target oil and gas. Activity groups are discussed in detail in this report.
A disruption event from a cyberattack at an oil and gas facility can occur at any point across the three major stages of oil and gas operations: upstream, midstream, or downstream. From exploration and production to customer distribution, operational technology (OT) environments are in close proximity to information technology (IT) networks. As adversaries that target ICS environments improve their capabilities, they can more easily execute difficult attacks that cause operational disruptions or environmental damage. Due to the political and economic impact, and direct effect on civilian lives and infrastructure, the oil and gas industry has a high risk for ICS targeted destruction and disruption campaigns originating from a cyberattack.
This report provides a snapshot of the threat landscape as of August 2019 and is expected to change in the near future as adversaries and their behaviors evolve.
Discover more resources.
Explore more resources to support you on your ICS cybersecurity journey.
Ready to put your insights into action?
Take the next steps and contact our team today.