Cyber-criminals target energy companies

Global energy firms are falling victim to cyber-attacks to steal data concerning operations and financing for oil and gas field bids. The attacks have been revealed by computer security firm […]

Register now!

By Kelvin Ross

Global energy firms are falling victim to cyber-attacks to steal data concerning operations and financing for oil and gas field bids.

The attacks have been revealed by computer security firm McAfee, which stated that over the last two years, the energy companies have faced repeated intrusions.

Private emails were hacked using a system called spear phishing: emails sent to company officials included a link to a malicious website. When employees visited the site, a remote administration tool was downloaded in their computer systems, which was designed to compromise other systems and extract sensitive information.

McAfee has not named the companies concerned, but they are believed to be major oil and gas players.

The cyber-attacks were revealed in a blog by McAfee’s chief technology officer George Kurtz. He said that the information that was being hacked was “highly sensitive and can make or break multi-billion dollar deals in this extremely competitive industry”.

Mr Kurtz added that the attacks “continue to this day” and involve “an elaborate mix of hacking techniques including social engineering, spear-phishing, Windows exploits, Active Directory compromises, and the use of remote administration tools”.

The oil and gas sectors are generally thought to be among the more security-sophisticated firms in the energy sector.

Last year, IBM senior manager Steve Hornsby said that the nuclear industry has “skipped a generation” when it comes to technology and this left it open to security risks.

He explained how IBM used former professional hackers to test the robustness of security at companies, and one such exercise on a nuclear plant’s system ended with the hacker stating that “it turned out to be one of the easiest penetrations I have ever done”.