Hackers attack major energy companies through their subcontractors

Fuel Fix:
Sloppy security policies are leaving even large energy companies vulnerable to cyberattacks routed through their subcontractors, according to a report released Wednesday by Houston-based security firm Alert Logic.

While the largest companies in the energy industry have taken steps to protect themselves from intruders, they have failed to insist on the same vigilance from their subcontractors, according to the report.

“To put it nicely, I’d say it’s not a mature process,” said Stephen Coty, director of threat research for Alert Logic. “I don’t think that they hold their contractors up to the same standards that they do their employees. I think that’s a growth issue, or understanding the risks.”

Malware offshore: Danger lurks where the chips fail

Alert Logic has reason to worry. Its energy industry customers are targeted more often than its customers in any other industry and faced nearly 9,000 threats between Jan. 1 and May 23, the company said. Nearly half of those attacks were the result of malware, which can be loaded onto computers through contaminated links in emails or on USB drives. Thirty-one percent of the threats were brute force attacks, in which hackers repeatedly attempt to crack passwords, the report said.

“That’s higher than any other industry that’s going on out there,” Coty said. “The only thing that might even come close to this would be financial.”

It’s not hard to understand why, Coty said.

“People are wanting to know where they’re drilling, what their secrets are, what’s the formula (for hydraulic fracturing fluids),” Coty said. “This is all data that people are interested in … even a major company overseas want to know those formulas.”

The U.S. Department of Homeland Security reported in January that the energy industry received 41 percent of all reported cyber attacks in 2012, more than any other industry.
...
There is more.

I think Iran is behind some of these attacks, particularly the malicious attempts to shut down operations.  Data thieves make up another category.  Companies need to develop a way to trace the return address on teh hackers and deal with them through the legal system if they can be reached, or by other means if they cannot.

Comments

Popular posts from this blog

Another one of those Trump stories Ted Cruz warned about

Iraq says civilian casualties in Mosul caused by ISIS booby trap, not US air strike