Oil and gas facilities are particularly attractive cyber attack targets due to their specific nature, and also because the consequences of a cyber attack targeting them extends beyond the facility itself, potentially impacting consumers, causing utilities interruptions and possibly safety measure violations, and harming the environment. In severe cases, the industry and the national economy may suffer as well. Oil and gas facilities are characterized by close monitoring of temperature, pressure, chemical composition and leaks. Attacks can be directed at any system or a combination of vital systems – production equipment, SIS (safety instrumented systems) and stop systems, which are often monitored and controlled from a remote location. The increase in facility automation, network connectivity and the use of cloud services also increases the exposure of oil and gas facilities to cyber threats. Malware, phishing and DNS tunneling are some of the more frequent methods of attacks targeting this industry.
Furthermore, proprietary information, including drilling methods, test results, chemical composition of premium products and new oil reserves are critical to the companies’ ability to successfully compete in the market. Such valuable information also attracts cybercriminals, in view of the price they can demand for it. Some of the methods that have been used in such espionage attacks include DNS hijacking, and attacks on webmail and corporate VPN servers (Trend Micro).
The Colonial Pipeline attack, which took place in April 2021, was one of the largest ever launched and most widely reported. It targeted the company’s billing system and internal business network, and temporarily shut down approximately 5,500 miles of pipeline, disrupting almost half of the East Coast’s fuel supply, and affecting the southern coast as well. This resulted in widespread shortages, and consequently, panic and chaos. The attack was attributed to the Russia-linked group DarkSide. In order to resume operation, ransom of $4.4 million was paid in bitcoin. In a rare win for the US Department of Justice, the bitcoin equivalent of $2.3 million was recovered two months later.