A report by security firm McAfee has revealed some rather worrying trends in recent years of the increasing volume of cyber attacks that are occurring in the oil and gas sector. Through good old fashioned social engineering of passwords and pitiful security precautions, hackers have managed to gain access to industrial secrets which, if exposed, could prove very costly to those concerned.
McAfee's report goes on to reveal that the main targets relate to tendering contracts and details regarding oil exploration. Hackers start by targeting these companies' web servers. Then, it is just a matter of compromising the security controls using widely available tools and penetrating deep into the network to gain access to proprietary information.
Mcafee's Greg Day commented:
"The attacks used to break into all the networks were built around code and tools widely available on the net's underground. As such,they were not very sophisticated but that did not dent their effectiveness. The information stolen however was incredibly sensitive and would be worth a huge amount of money to competitors. What makes these attacks different is the very specific ongoing targeting of specific organisations with a very distinct purpose to what they were trying to achieve."
The attacks pose a very striking similarity to the stuxnet attacks which occurred against Iran in 2010, and follows a growing trend of organisations, governments and even private individuals leveraging the Internet's dark underbelly to further their own aims.