The cyber security landscape has shifted dramatically in the past several months. The rapid rate of digital transformation has set the tone for a digital-first future, however despite rising reliance on the cloud and its security mechanisms, many industries find themselves under increased risk of cyber attack from determined cyber criminals. Ransomware has evolved from a relatively niche buzzword to a political talking point in only a few years, as more cybercriminals put critical infrastructure in their crosshairs.
The work of a cyber security professional is never done. While attackers only need to get lucky once, defenders must be on high alert at all times, predicting and preparing to mitigate threats before they even emerge. We understand the importance of data for prediction and mitigation purposes, as the data helps customers to provide security analytics and risk management services to identify, analyse, predict, and prevent highly sophisticated security threats in real time.
In the latest dataset, we have analysed the statistics focusing on Q2 of 2021 versus the same quarter of last year. This data is projected based on elements of the digital universe of organisations across different sectors. One of the most interesting findings that we have seen during this time pertains to cloud monitoring, which is swiftly becoming a critical aspect of cyber security. Indeed, our studies show that security attacks on cloud increased by a staggering 85% on financial institutions, and 22% within the energy production sector. Indeed, in this quarter, mostly medium sized businesses were at risk as well as large corporations as cyber criminals turned their activity towards the health, gas and oil, and finance industry.
Perhaps it is no surprise, but security attacks have risen across the board when considering three main industries: retail; food & beverage; and gas and oil. Compared to Q2 2020, security attacks on users and endpoints increased by 18% in the gas and oil sector and system perimeter breaches rose by 29% in the same quarter. Meanwhile, external web attackers increased their activity on energy production by 14%. Interestingly, security attacks on IT infrastructure also rose by 12% compared to the previous year. Consistently, attacks on gas and oil providers ranked in the top three biggest increases of this quarter, and this is all the more true for APT and malware based attacks which rose by 22% in 2021.
But why are the cyber criminals targeting industries such as health, gas and oil and finance? To put it simply, because there is an opportunity, and cyber criminals are notoriously opportunistic. Cyber criminals are prepared to target vulnerable equipment as long as they detect that it is open to the public on the internet. Finally, we have seen that the energy sector, and oil and gas in particular is exposed to network attacks and other related scenarios. We have seen an increase in this sector in this quarter mainly in Asia, and not just in terms of attacks, targeting users, but also targeting brands.
What every healthcare technology leader needs to know about cloud data and security
Why cyber criminals are targeting the energy sector
When considering the opportunistic nature of cyber criminals, one would be remis to neglect the oil and gas sector. As part of the world’s critical infrastructure, delays or disruptions to the production of energy can have a knock-on effect across the globe. Situations such as a ransomware attack on essential services often prove to be catastrophic for those involved, as the unfortunate truth is that many critical infrastructure providers have little option other than paying the ransom in order to resume normal services. In fact, the US’ Cybersecurity and Infrastructure Security Agency (CISA) published an alert warning that Chinese state hackers allegedly breached more than a dozen US pipeline operators over the past decade, making it a key target not just for state-backed hackers, but for financially motivated individuals too.
Indeed, one need look no further than the implications of the 2021 Colonial Pipeline incident. While the cyber criminals did not intend to cause disruption, claiming instead that they were “financially motivated”, the impact still resonates. Not only did this attack affect the operations of Colonial Pipeline, it also impacted the lives of millions of American citizens, so it is not surprising the company decided to pay the ransom. However, early reports indicate that the decryption tool did not work. While the demand does seem high, it was actually a lot lower than many in the security industry have expected, so it may set a benchmark for future ransom requests. Protecting against ransomware is all about cyber resilience and carrying out tests to prior to attacks to understand damages and limit them. Network segmentation is always critical, especially keeping operational technology separate from IT infrastructure, which is more likely to be attacked.
However, this raises several other issues that are persistent within the cyber security discourse as cyber criminals continue to target the energy sector, including the recent Saudi Aramco incident as the world’s largest oil production firms was brought to a grinding halt by cyber criminals.
IoT, blockchain and the future of the energy sector
Phil Skipper, head of IoT strategy at Vodafone Business IoT, discusses how IoT and blockchain can shape the future of the energy sector. Read here
Save your energy
The energy industry will remain a high-profile target for cyber criminals, especially now that the energy and other key sectors such as finance work on digital transformation projects. This means that they are working on moving into cloud, investing more on IoT, or focus on their users is more mobile. This shift comes because many are working from home, and enterprises want to unify their collaboration platforms, especially because these organisations are distributed, they have presence in multiple locations around the globe. However, the adoption of IoT brings new security challenges, as the Middle East says attacks on IoT rose by a staggering 71% in Q2, 2021.
Unfortunately, the tech-savvy cyber criminals are also on the front foot, scanning for new vulnerabilities and weaknesses within organisations. That’s why we will continue to see an increase in cyber criminal activity targeting critical infrastructure providers. Because the sector is incredibly lucrative in terms of revenue, cyber criminals get more bang for their buck. Cyber criminals are ingenious when it comes to implementing new techniques and tactics, creating and uploading malware or other type of exploits into their networks, to allow for communication with remote command and control servers or for data theft, or create or allow some rational type of attack and then ask for ransoms.
Because of the pandemic, some industries are attempting to adjust their planning as they aim to balance their budget, across their needs, in terms of manufacturing and IT security operations. So, it seems that such organisations have not invested massively yet to cyber security due either to negligence, inability to foresee potential security incidents, or due to persistent reliance on outdated legacy technology and machinery. While some organisations have improved their legacy IT systems, there are still several barriers inhibiting complete cyber security such as failure to invest more in modernising their security controls.
However, it is an unfortunate fact that many organisations don’t have the luxury of an inhouse security team that will help them to run specific security awareness programs internally, and educate the problem with the people with regards to handling suspicious emails, for example. In circumstances like this, we recommend facilitating with a managed security provider that has the tools and knowledge to implement proactive and predictive security mechanisms in order to protect you and your industry from the cyber criminals.