The energy sector is at an elevated risk of brute force and malware/botnet attacks, a new report said.
“The energy sector is a big part of the global economy and therefore has extremely high-stakes security risks compared to other industries,” said Stephen Coty, director, security research with Alert Logic, which examined the rise of cyber attacks targeting the energy sector.
Just take a look: 67 percent of energy companies experiencing brute force attacks, compared to 34 percent of Alert Logic’s entire customer set. Attackers look for opportunistic points of vulnerability in networks housing confidential business information, according to the Alert Logic report. Breaches of geophysical data, in particular, intend to damage or destroy the data used in energy resource exploration. Brute force attacks also see use in stealing a company’s intellectual property for the purpose of industrial espionage.
Another point of attack: 61 percent of energy companies experienced malware/botnet infiltration attacks, versus 13 percent of entire customer set. These attacks seek access to physical infrastructure systems that control pipelines and other key energy plant operations. Alert Logic found technologies such as Supervisory Control and Data Acquisition (SCADA) systems are vulnerable to hacking, while the emerging business practices of BYOD and BYOA (bring your own applications) in the workplace can be carriers of viruses and other malware.
“Unlike an attack on an e-Commerce site or SaaS application provider, a malware infiltration attack on an energy company could grow to catastrophic proportions if hackers were able to block or flood the oil and gas pipeline infrastructure,” Coty said. “This industry doesn’t see the typical web application attacks. It experiences a greater magnitude of security threats that could have global repercussions for years to come.”