Major Cybersecurity Incidents in the Oil and Gas Extraction Sector (2023-2024) – SOCRadar® Cyber Intelligence Inc.

The oil and gas sector is increasingly digital, making OT/IT environments attractive targets for cyber threats such as ransomware, phishing, supply chain attacks, and APTs. Notable breaches at Hitachi Energy, Halliburton, and Suncor illustrate the urgent need for stronger cybersecurity measures to protect critical infrastructure and ensure continuous operations. #CLOP #ColonialPipeline

Key points

  • Geopolitical Tensions: 78% of energy professionals report increased awareness of vulnerabilities due to geopolitical uncertainty.
  • Supply Chain Vulnerabilities: 57% of professionals believe their organizations have good oversight of supply chain risks.
  • Ransomware Threats: Ransomware attacks can halt operations and cause significant financial losses, exemplified by the Colonial Pipeline attack.
  • Phishing Attacks: Deceptive emails can lead to unauthorized access to critical systems.
  • Advanced Persistent Threats: State-sponsored attacks aim to steal sensitive information or disrupt operations.
  • Recent Cyber Incidents: Notable breaches include attacks on Hitachi Energy, Halliburton, and Suncor, highlighting the sector’s vulnerabilities.
  • Unpatched Vulnerabilities: 49% of ransomware incidents in 2024 were due to exploited vulnerabilities, emphasizing the need for robust cybersecurity measures.

MITRE Techniques

  • [T1486] Ransomware – Encrypting files to demand ransom for decryption.
  • [T1566] Phishing – Using deceptive emails to trick users into revealing sensitive information.
  • [T1195] Supply Chain Compromise – Exploiting third-party vendors to gain access to larger networks.
  • [T1499] Denial of Service – Overloading systems to disrupt services.
  • [T1003] Credential Dumping – Stealing credentials to gain unauthorized access to systems.

Indicators of Compromise

  • [Vulnerability] CVE-2023-0669; CVE-2023-28771 – Vulnerabilities exploited to breach organizations (Fortra GoAnywhere MFT, Zyxel firewalls).
  • [Ransomware Group] CLOP; Stormous – Hitachi Energy data breach via CLOP; PVC-MS data exfiltration via Stormous claim.
  • [Organization] Hitachi Energy; Suncor – Breach and disruption affecting operations and payments.

Read more: https://socradar.io/cyber-attacks-in-oil-and-gas-industry-2023-2024/