We all know how devastating cyber attacks can be. Small businesses have gone under, private citizen data has been compromised, and casual users have chucked their computers out a third-story window. In just a few short decades since the discovery of the first computer virus in 1986, cybersecurity has become one of the hottest areas in innovation and investment to combat cyber attacks.
Today, we’d like to focus on the rise of cybercrime in the energy sector. The average person often doesn’t think about the vulnerabilities of an oil rig’s assets, but the reality is that they suffer vicious cyber attacks. Here are some of the worst operational technology (OT) cyber incidents in recent memory.
Aptly titled once you realize what’s happening to your network, the WannaCry ransomware attack of 2017-2018 was particularly brutal to manufacturing companies around the globe. Pharmaceutical manufacturer Merck, chip manufacturer TSMC, and many other companies’ production networks felt the wrath of the WannaCry-sis due to their dependencies on outdated Windows software and infrastructures. The downtime decreased productivity, threatened the reliability of their supply chains, and left them with millions of dollars worth of damage. The only way to decrypt the companies’ endpoints was to pay a ransom in bitcoin.
Operational downtime can be just as devastating—if not more so— in the energy and utility sectors. Due to increased urbanization and access to electricity, the world’s rising demand for energy requires that oil and gas operators, power generation plants, and more are always up and running1. While both industries were seemingly safe at the time, this attack signaled the need to take cybersecurity more seriously, because neither is immune to something like WannaCry.
Shamoon malware has been an industrial cybersecurity nightmare since 2012, when it wiped the data on over 30,000 computers at Saudi Aramco, Saudi Arabia’s national oil company and one of the largest companies in the world by revenue. While the attack was said to have had no impact on production operations, the company had to shut down its main internal network and turn away gasoline trucks seeking refills. Imagine having to give away your product for free when pumping 10% of the world’s supply.
A new Shamoon variant (V3) cropped up in 2018 to terrorize the oil and gas sector once again. This time, hackers employed this malware to attack servers in the Middle East, India, and Europe—particularly in Italy. Just because it’s been detected before does not mean it won’t come back bigger and stronger.
You can’t talk about devastating, real-world cyber attacks without mentioning the Stuxnet computer worm, which has been dubbed the “world’s first digital weapon.”
In the summer of 2010, Stuxnet attacked a nuclear power plant in Iran, infiltrating computer network systems connected to on-site industrial equipment used to enrich uranium. But this wasn’t a simple virus that stole private information or caused things to slow down; initiated by a USB stick, the Stuxnet worm replicated within the system, propagated to other machines within the network, and crippled the hardware. Overall, Stuxnet wiped out numerous uranium centrifuges and marked a turning point in malicious cybercrime. It was essentially the moment when industrial companies knew that something of this caliber was possible.
AI-Powered Endpoint Protection
In 2012, then U.S. Defense Secretary Leon E. Panetta warned that the United States could be the victim of a “cyber-Pearl Harbor.” What does this mean for power plants, transportation systems, the water supply, gas lines, and the like with operational technologies? More than ever before cyber attacks pose a significant risk to their core business, and traditional OT security models aren’t equipped to deal with novel, zero-day cyber attacks. And, in a lot of cases, there is no security available for these aging endpoints. The energy sector needs an AI-powered solution to protect their OT environments.
SparkCognition’s DeepArmor® Industrial solution:
- Addresses the energy sector’s challenge of securing vulnerable endpoint OT assets
- Uses a predictive approach and is resilient to zero-day and never-before-seen industrial attacks
- Reduces security costs to asset owners
- Is built on models that are specifically trained to the OT environment. It’s a lightweight solution that runs on legacy machines and operating systems
- Does not use signatures, heuristics, or rules that require constant network connectivity. It can be run with no internet connectivity at all, and it provides extensive logging for every action allowed or blocked to satisfy compliance needs
- Is independent of threat intelligence
- Eliminates the need for threat signature updates or specialized analysts
- Requires no regular updates. DeepArmor Industrial can be installed on Monday, receive no updates all week, and remain an effective defense on Friday—even if entirely new threats emerge on Tuesday, Wednesday, and Thursday
Read more about DeepArmor Industrial in our latest white paper.