The world has come to a standstill as billions of people are under lockdown, with many businesses closed. But hackers never sleep.
Opportunistic malicious actors are trying to exploit one of the worst periods in the history of the oil industry, which is struggling with the double shock of the coronavirus pandemic and plunging oil prices.
While oil and gas firms around the world prepare for ultra-low oil prices, hackers have launched spear-phishing campaigns against them, aiming to infect their systems with spyware that collects sensitive company information and credentials, Bitdefender researchers have found.
Spear-Phishing Campaign Targets US, Malaysian, Iranian Firms
The spear-phishing campaign did not use spyware as sophisticated as that seen in other cyber attacks. Instead, it was carefully planned and executed, with emails using the names of real companies, projects, and events to look as legitimate as possible, according to Bitdefender analysts.
Companies in many countries, including the United States, Malaysia, Iran, Oman, the UAE, and Saudi Arabia, were targeted with spear-phishing emails purporting to be on behalf of a real oil and gas company in Egypt, state firm Engineering for Petroleum and Process Industries (Enppi).
“Enppi is globally recognized as a major engineering, EPC main contractor, and management contractor, with decades of experience in onshore and offshore projects in the oil and gas, refining and petrochemical industries,” the company says on its website.
The emails sent in the spear-phishing campaign claim that they are inviting the companies to submit a bid for equipment and materials as part of a real existing project, the Rosetta Sharing Facilities Project.
In reality, Enppi did work on the Rosetta Sharing Facilities Project.
According to Bitdefender, these details would look convincing enough for an email recipient to open the attachment in order to send a bid bond for a tender. But opening the attachment actually drops Trojan spyware.
Hackers Strike While Oil Industry Faces Major Market Challenges
This particular campaign took place at the end of March when Saudi Arabia was promising to flood the world with oil and U.S. President Donald Trump hadn’t yet dropped the comment that the Saudis and Russia would discuss removing 10 million bpd of oil from the market. At that time, oil prices were already crashing and the oil and gas industry started to slash budgets to cope with the low price of oil.
It was, and still is, a time in which the oil industry is already vulnerable to the double market shock of oversupply and plunging demand.
“While the malware payload itself is not as sophisticated as those used in more advanced and targeted attacks, the fact that they’ve been orchestrated and executed during this time, and before the ‘historic OPEC+ deal’, suggests motivation and interest in knowing how specific countries plan to address the issue,” Bitdefender’s Liviu Arsene writes.
According to Bitdefender researchers, this spear-phishing campaign was focused specifically on the oil and gas industry, unlike other spear-phishing campaigns, which are more comprehensive and involve many sectors.
The researchers also found another recent spear-phishing campaign, in which the hackers – claiming to be a shipping company – used legitimate information about a chemical/oil tanker and industry jargon to trick email recipients at several shipping companies in the Philippines into opening attachments that dropped Trojan spyware.
Cyber Attacks On Energy Industry Grow
Bitdefender’s analysis shows that cyber attacks on companies in the energy industry have been rising since October 2019, suggesting that malicious actors are specifically targeting the oil and gas industry when the market is particularly volatile. The United States and the UK lead the countries in terms of the number of energy companies targeted in recent months.
Electric network systems are also a target of attacks. Threats of cyber attacks on North America’s electric network systems are growing, industrial cybersecurity firm Dragos said earlier this year. This year, the firm has identified two groups, Magnallium and Xenotime, which are increasingly probing to compromise electric assets in North America, expanding their targeting from the oil and gas sector to include electric assets.
According to cybersecurity firm FireEye, “Hacktivists may opportunistically target energy companies in response to perceived controversies.”
The spear-phishing campaigns found by Bitdefender were executed during a turbulent time for the oil and gas industry. No one knows where the bottom for oil prices will be in the coming days, considering that the WTI Crude May futures contract sank to as low as -$37 a barrel this week—with futures dipping into negative territory for the first time ever.