Hackers hit energy companies more than others

Energy companies faced more targeted malware attacks in a six-month period last year than businesses in any other field, with hackers sometimes breaking into systems to steal geologic and financial data, according to a Houston network security firm’s research.

Alert Logic is releasing a report Tuesday detailing the incidence of attacks on its customers in different industries and the digital weapons hackers used in their attempts to infiltrate systems from April 1 to Sept. 30 last year. FuelFix examined the report ahead of its general release.

Though the report does not include information about how many attacks successfully breached computer security walls, the company’s research showed that attackers have been able to extract data and post it online for public viewing, said Stephen Coty, director of threat research for Alert Logic.

“What we see posted out there is not really what I worry about,” Coty said. “It’s what’s not posted out there. Because what’s not posted out there is the valuable data that’s being traded, sold, exchanged for different reasons.”

The report focused on activity monitored among Alert Logic’s customers, which include FuelFix’s parent company, the Hearst Corp.

Sixty-one percent of the 54 energy companies that Alert Logic serves experienced targeted malware attacks, according to the report.

Such attacks often involve malicious software that company workers load inadvertently onto their networks, through contaminated USB drives, links in emails, or infected websites.

Other types of Internet attacks that Alert Logic studies include “brute force,” in which a malicious group attempts a series of passwords to break into a system, or “web application attacks,” targeting data stored in online application services.

Alert Logic Senior Security Analyst Chris Dehghanpoor looks for security threats inside the company's security operations center, Monday, March 25, 2013, in Houston. The Houston-based network security company manages online threats of their Security-as-a-Service in the cloud for different entities. (Cody Duty / Houston Chronicle)

Energy companies also experienced more brute force attacks than companies in any other industry, according to the report, with 67 percent of Alert Logic’s energy customers sustaining such attacks.

While electronic attacks have the potential to disrupt fundamental energy company operations, and even cause equipment to malfunction, many of the assaults on energy companies so far have gone after data, Coty said.

Still, there are examples of attacks of all scales. A virus targeting the world’s largest oil company, Saudi Aramco, infected 30,000 computers last August and was aimed at interrupting its oil operations.

And the activist hacking group Anonymous published email addresses and passwords last year for hundreds of employees of major oil companies including Exxon Mobil, Shell, BP, and Russia’s Rosneft.

Other hacks have retrieved oil companies’ handbooks or even geologic data, Coty said.

But the information posted online is often material that hackers don’t believe has much value.

“If a hacker breaks into an energy site, they grab a bunch of data and they keep what’s interesting,” Coty said.

But hackers typically don’t post online information about geology, drilling depths, or financial dealings, he said.

“The actual survey data, like how deep did they have to drill or what did the soil samples look like, things like that would be valuable to other people,” Coty said.

Even the hackers who published the big oil company email addresses said they were withholding some emails for use in further attacks, according to the posting.

Computer attacks targeting energy companies, from power generators to oil producers, illustrate how vigilantly businesses must monitor their networks, Coty said.

“A lot of it is really knowing what you’ve lost,” he said. “We spend a lot of our time mining lost and stolen data.”

Even businesses that haven’t been hacked — or don’t know they have — may not be safe.

“A lot of companies are like, ‘Hey, we’ve never been breached.’ And maybe you haven’t,” Coty said. “But maybe a third party has that has your data.”

Most of Alert Logic’s 2,100 customers are outside of the energy industry, and no sector sustained a higher rate of targeted malware attacks than energy companies. Coming in second were financial services businesses, about 20 percent of which were attacked, according to the report.

Alert Logic had 1,801 customers at the time of the study and reviewed 46,475 “verified security incidents” out of more than 1 billion suspicious events it observed in the six-month period.