Hackers have been able to cause continued trouble for energy companies by reusing old code, an illustration of just how slowly oil and power businesses are reacting to online threats, a security expert said.
Companies that stay on top of online threats are able to update their systems to deal with known viruses and other malicious software. But those who are not as proactive can easily fall prey to an attack that uses old malware with a different name, or bits of added code.
Malware offshore: Danger lurks where the chips fail
That has allowed hackers to spread tweaked versions of old, familiar malware that should be harmless to those who have identified threats in the past, said Stephen Coty, director of threat research for Houston-based cloud security firm Alert Logic.
“Nobody’s really writing anything new, they’re just using old stuff and finding new ways to deliver it,” Coty said.
The proliferation of the adjusted versions of old online threats appears to have come more out of convenience for hackers, then from a lack of creativity, he said.
“Why mess with success if it still works and people are still vulnerable to it?” Coty said.
Some of the vulnerabilities are coming from large software companies who have not updated their software to address threats that should be easy to handle, said Coty, who singled out Microsoft and Adobe.
Still, when it comes to updating their own systems to address the latest security problems, energy companies are far behind.
Many of them use old system software that is increasingly vulnerable and will soon lack any security support. At the same time, energy companies face more attacks than businesses in other industries and have suffered real consequences because of poor defenses, FuelFix has reported.