CYBERSECURITY FOR THE OIL AND GAS INDUSTRIES

ACID Technologies provides oil and gas companies with 24/7/365 dark web monitoring services, while also monitoring multiple additional sources. When detecting a threat, ACID sends real-time, actionable alerts with all available information, to enable the targeted company to effectively respond to the threat and mitigate its harmful impact on the company – whether service disruption, data theft, reputational damage, or other.
What makes the oil and gas industry an attractive target for cybercrime?
The oil and gas industry is the backbone of energy supply, and is critical to the functioning of modern society. Disruptions to the supply of oil and gas have major consequences. Their impact is felt far beyond the targeted facility, reaching homes, businesses and industries. In severe cases, the local, and even national, economy may suffer as well.
Two factors make the industry attractive: its essential role on the one hand and, on the other, the valuable proprietary information its companies hold, which is vital to their ability to successfully compete in the market. This information includes, for example, drilling methods, test results, the chemical composition of premium products and new oil reserves.
Cybercriminals eager to make a profit are therefore tempted to launch a ransomware attack against oil and gas companies, as they are aware that in order to resume operation and mitigate the effects of the attack, and also to avoid fines due to safety violations, the targeted companies are likely to meet their ransom demands quickly.
This industry is also attractive to cyberterrorists, who are aware of the broad economic impact of cyberattacks on oil and gas infrastructure and who, as a result, also gain wide media coverage. State-backed hackers are also a concern, particularly at times when the geopolitical climate is tense.
Hacktivists must also be taken into consideration, as this industry is considered controversial due to its harmful effect on the environment. Here, too, media coverage is considered an asset, as it helps them broadcast their message to a wide audience.
What is a good example demonstrating the extent of damage cyberattacks on oil or gas companies can cause?
A good example is the cyber attack on Colonial Pipeline in April 2021, attributed by the FBI to the Russia-linked group DarkSide. The attack temporarily shut down approximately 5,500 miles of pipeline, disrupting almost half of the East Coast’s fuel supply, and affecting the southern coast as well. This resulted in widespread shortages, panic and chaos, and a spike in gasoline prices.
Also illustrating the heavy impact of this attack is the decision made by the company’s management the following day to pay the $5 million ransom. The company’s CEO Joseph Blount later explained in an interview: “It was the right thing to do for the country.”
What makes the oil and gas industry vulnerable to cyber attacks?
- Broad attack surface resulting from infrastructure spread across large areas and decentralization. Each facility or component constitutes a vulnerability in itself; these also include the distribution network and companies’ supply chain partners.
- Oil and gas facilities are characterized by close monitoring of temperature, pressure, chemical composition and leaks. Attacks can be directed at any system or a combination of vital systems – production equipment, SIS (safety instrumented systems) and stop systems, which are often monitored and controlled from a remote location.
- Facility automation, network connectivity and the use of IoT devices, and also the use of cloud services, increase the exposure of oil and gas facilities to cyber threats.
- Operational efficiency requiring easy access is not always compatible with the need for defense mechanisms to protect the IT network.
What are some of the more frequent modes of attack against the oil and gas industry?
- Ransomware attacks – as demonstrated above in the Colonial Pipeline case, cybercriminals waging ransomware attacks are correct in their assessment that oil and gas companies are likely to quickly pay the ransom they demand in order to be able to resume operation.
- Denial-of-Service (DoS) attacks – by overwhelming a website with fake traffic, cybercriminals can potentially disrupt operation.
- Phishing and spear phishing attacks – to gain access to critical systems and disrupt their operation by deceiving employees who unwittingly download malware.
- Supply chain attacks, made easier due to interconnectivity.
- DNS tunneling, which exploits the DNS protocol to tunnel malware and other data through a client-server model, and DNS hijacking (also known as DNS redirection), which redirects users to malicious sites.
- Advanced Persistent Threats (APTs) – often preferred by state-sponsored attackers. Due to their sophistication and persistence, they can cause heavy damage through data theft and, potentially, also lead to extended disruption.
What was the effect of the cyber attack on the American oilfield services company Halliburton?
Halliburton, with a workforce of approximately 48,000 employees spread across more than 70 countries, is one of the world’s largest providers of oilfield and drilling services, and also of equipment used by energy producers.
In August 2024, Halliburton sustained a cyber attack in which the perpetrator gained unauthorized access to some of its systems, stole data and disrupted operation and corporate functions. In an official statement, it said that “an unauthorized third party gained access to certain of its systems… [and] has caused disruptions and limitation of access to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions.” Although the company added that the financial and operational impact was not significant, the following month it also stated that it would continue to incur costs resulting from the attack. Following this statement, the company’s shares declined.
In light of the critical importance of uninterrupted supply of oil and gas to the functioning of modern society and to the economy, it is imperative to do the utmost to protect oil and gas companies from cyber attacks. ACID helps these companies do just that, and also to avoid data theft that could be disastrous to their competitiveness.
ACID deploys clusters of robots, implements sophisticated algorithms, injects avatars and uses crawlers imitating regular user activity to perform continuous dark web monitoring in order to detect signs of impending attacks even while still in their planning stage, attacks that are in progress, and leaked data indicating that systems have been breached. Client-specific keywords are used, and languages are chosen as relevant, to provide optimal results. Numerous additional sources and platforms are also monitored 24/7/365. Once a threat is detected, ACID sends real-time alerts to the targeted organization, to enable it to implement countermeasures to mitigate the effects of the attack, or perhaps even foil it altogether.
ACID’s solution to cybercrime directed against the oil and gas industry can help companies avoid not only disruption to their operation, but also the need to pay ransom in the millions of dollars and possibly fines due to safety issues, while protecting their competitiveness and reputation.