“How cyberattacks affect the hydrocarbon sector and how these attacks threaten the economy, businesses and citizens.”, — write: www.epravda.com.ua
The Great War shook the entire civilized world and the digital world in particular.
2022 became a record year for cyber incidents that targeted energy, oil and gas infrastructure, S&P Global reports.
There were at least 13 cases, the highest annual number in six years. It is likely that this number could be higher, as companies may not talk publicly about problems unless their consequences are huge.
According to the European Commission, in 2023 more than 200 cyber incidents were registered in the energy sector. More than half of them were destined for Europe.
Cyber attacks on the industry: “when”, not “if”The DNV Energy Cyber Priority 2023 study shows that the oil and gas industry has begun to invest more in cyber security due to geopolitical tensions and concerns about vulnerability in an era of new digital threats.
No one is safe from cybercriminals. The most recent hacker attack happened in August, when one of the world’s largest oil service companies, Halliburton, came under attack. Cybercriminals gained access to some of the company’s systems and demanded a ransom for unlocking them.
The incident caused disruptions and limited access to parts of Halliburton’s business applications. How much money the hackers wanted and whether the company paid the extortionists is currently unknown, but the cyber attack did not pass without a trace.
In a statement to the US Securities and Exchange Commission, Halliburton confirmed that its data was stolen, the company has incurred some costs and does not rule out that they may increase. Immediately after the damage from the attack became known, the company’s shares fell 4% to the lowest level in more than a year.
Digital attack as one of the elements of warEnergy infrastructure is critical to the economy. A sector strike provides an avalanche effect that affects multiple industries and goes far beyond a typical ransomware attack. Nowadays, this is an attempt at blackmail and panic-mongering. This was the case on the eve of the great war in Ukraine.
In January 2022, with the world anticipating the inevitable and anxiety in the air, particularly over energy security, hackers attacked a number of companies in Europe, including the Amsterdam-Rotterdam-Antwerp (ARA) refinery. Oiltanking and Mabanaft in Germany, SEA-Invest in Belgium and Evos in the Netherlands were hit. 17 terminals were affected by the cyberattack, 11 of which were in Germany.
Fortunately, there was no collapse. While the companies fixed the problems, they had to suspend some operations, reduce capacity and divert several oil tankers to other ports. Delivery delays were about a week.
The incident raised serious concerns in the EU about the security of energy systems at a time of soaring energy prices and geopolitical tensions. To combat hacker attacks, the NIS 2 directive was introduced to improve the cyber security of critical infrastructure.
From October 18, the document must be implemented in the national legislation of all member states, and non-compliance or non-fulfillment of reporting obligations will entail heavy fines. Oil and gas infrastructure is among the main sectors on the list to which the new cyber security rules will apply.
The history of the loudest cyber attack on the sectorHacking is not something new. According to consulting company Deloitte, the energy sector became the second most prone to cyberattacks back in 2016. At that time, more than half of the oil and gas companies in the US faced at least one cyber attack. This was associated with the development of digitalization.
The most daring incident happened in May 2021 and became the largest cyber attack on oil infrastructure in world history. It was also the largest digital ransom operation ever reported.
The American pipeline system Colonial Pipeline was attacked by hackers who were believed to be in Russia. It is through this pipeline that gasoline, diesel and aviation fuel are delivered from Texas to New York. To put the scale in perspective: Colonial Pipeline supplies about 45% of the fuel consumed on the US East Coast, and Texas is the leading oil producing state.
Although the company paid a ransom of nearly 75 bitcoins ($4.4 million) within hours of the attack in exchange for a decryption tool that was slow and ineffective, the pipeline was down for about a week. Later, the Ministry of Justice reported that it managed to partially return the ransom (63.7 bitcoins), but its value at the time of recovery was only $2.3 million.
One of the most high-profile cyber-attacks, which is said to have started with a hacked personal password of an employee, led to a veritable collapse in the country.
Amid the panic, fuel shortages began in several states, average prices rose to their highest level since 2014, American Airlines rescheduled flights and President Joe Biden declared a state of emergency. The US Consumer Product Safety Commission advised people “not to fill plastic bags with gasoline.”
The cyber attack highlighted the vulnerability of critical infrastructure and showed how a single strike can paralyze the economy and the lives of thousands of people.
Man vs technologyThe main tools of cybercriminals are phishing and malware infection. Attacks targeting software supply chains, that is, the entire process of manufacturing and selling products, are becoming more and more popular.
The main goal of cybercriminals is to make a profit, so they carefully look for weak points. Global losses from cybercrime are expected to grow by 15% annually and reach $10.5 trillion. per year until 2025.
The absolute majority of digital hacks in the world, as experts note, occur due to human error: unreliable passwords, untimely installation of software security updates, opening of phishing e-mails. Therefore, increasing employee awareness is essential to reduce risks.
However, this is not a panacea. Artificial intelligence and machine learning will play a significant role in both cyberattacks and cyberdefense. AI can come in handy to effectively defend against an attack, increasing the ability to quickly detect and edit. At the same time, artificial intelligence in the hands of a skilled hacker facilitates automation and the ability to carry out large-scale attacks.
All of Ukraine is in the field of view of hackersRussia began to create its cyber offensive potential long before February 24, 2022. The first powerful attacks on the power system with its disabling were carried out in 2015-2016. Several companies were hit, which resulted in tens of thousands of consumers in the country being turned off.
A year later, Ukraine became the epicenter of a massive Petya virus attack. The victims again were energy companies, as well as airports, nuclear power plants, government sites and banks.
According to the cyber police, the reason for the infection of the computers was probably a software update of the MEDoc hhalter program. It is used by enterprises working with documents of the Ukrainian government. Then the virus reached the USA, EU countries and Asia, but Ukraine accounted for 75% of all hacked computers.
On the eve of the great war and in its first months, the intensity and complexity of the attacks was the highest. To prevent data leakage, the state has restricted the operation of a number of registries. Critically important information is still closed. There are good reasons for this.
According to the SBU, Russian hackers annually carry out 4,500 cyberattacks on Ukraine. Not only state institutions, enterprises, banks, logistics firms, and telecommunications companies are targeted. The Russians prey on any open data to paralyze critical infrastructure, intimidate citizens, and sow panic.
The Russian IT army will stop at nothing. According to the State Special Communications Service, 1,739 cyber incidents occurred in the first six months of 2024. On average, 290 cases are recorded every month, or nine to ten cases every day. Experts note that the number of cyber attacks on the energy sector has more than doubled.
Hacking attacks are increasingly combined with missile and drone attacks, so cyber defense of businesses, states and every citizen is now more important than ever. We must win the war in the digital space and on the battlefield.