Report Shows How The Energy Sector Is One Of The Preferred Targets Of Cyber Attacks.

In Report Released by Verizon, Data Indicates Criminals Are Seeking to Steal Credential Information from Major Global Energy Sector Companies

A recent report from Verizon, a U.S. telecommunications company, points to the energy sector, which includes oil, gas, mining, and extraction, as one of the most targeted for cyberattacks.

Not to mention the global energy crisis, fueled by the conflict between Russia and Ukraine, the energy and extraction industries are becoming potential targets for cybercriminals, both because of their strategic positions within the global economies and the valuable information that can be “traded” for outrageous sums, and even used for espionage.

“The energy sector is the most strategic among all infrastructures, as, in addition to direct financial gains, adversaries can extort companies that provide essential services to society. Furthermore, more sophisticated adversaries, such as APT (Advanced Persistent Threat) groups and nation-states, may be interested in gaining access to control platforms in the sector for strategic operations,” says Sandro Süffert, CEO of Apura Cyber Intelligence, which develops solutions for monitoring and detecting possible virtual threats and partners with companies worldwide, including Verizon itself.

What Is the Level of Threat from These Cyber Attacks?

In this sense, the threat is on a global scale. Whether international private conglomerates like Exxon Mobil (United States), RDSA (Netherlands), Gazprom (Russia), or companies linked to local governments, such as PetroChina (China) and Petrobras (Brazil), the audacity of criminals is unlimited, and vulnerabilities in networks and information are tested all the time in an attempt to find flaws that allow attacks.

According to the report, in 2021, the year of analysis, there were 403 monitored incidents, 179 of which confirmed data breaches; 78% had financial motivation, while 22% of the threats sought to breach data confidentiality for espionage.

It is noteworthy that more than 60% of all attacks were phishing, which is a social engineering technique used to deceive users and obtain confidential information, such as usernames, passwords, and credit card details, through false messages such as emails, links, websites, and even apps. The most commonly used medium, according to the report, was the companies’ email servers, followed by web and desktop applications.

Numbers and Consequences

This led to a large number of stolen credentials (potentially collected through phishing) and ransomware, which is the “kidnapping” of information in exchange for ransoms. “Having this data gives criminals a lot of bargaining power,” says Süffert.

The expert also points out that the problem could be much greater if it weren’t for companies that are increasingly specializing in developing solutions that seek to identify threats before they solidify into effective attacks. Systems like BTTng monitor millions of pieces of information on the internet in search of patterns that may indicate a possible threat and thus emit alerts for the company to double its attention and activate its protection systems at maximum level, even warning employees about the risks of accessing any uncertified content.

“The creativity and audacity of criminals are substantial, and for this reason, the fewer opportunities and greater prevention energy companies invest in, the lower the risk of having to deal with the loss of valuable information,” concludes Sandro Süffert.

To Consult the Report, https://www.verizon.com/business/resources/reports/dbir/ | Via https://apura.com.br/