Energy


  • New APT ChamelGang Targets Russian Energy, Aviation Orgs

    October 1, 2021

    A new APT group has emerged that’s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks. Researchers at security firm Positive Technologies have been tracking the group, dubbed ChamelGang for its chameleon-like capabilities, since March. ...

  • The state of ransomware: national emergencies and million-dollar blackmail

    September 14, 2021

    Banks have been “disproportionately affected” by a surge in ransomware attacks, clocking a 1,318% increase year-on-year in 2021. Ransomware has become one of the most well-known and prevalent threats against the enterprise today. This year alone, we have seen high-profile cases of ransomware infection — including against Colonial Pipeline, Kaseya, and Ireland’s health service — cause ...

  • API Releases New Standard for Pipeline Control Systems

    August 30, 2021

    On August 18, 2021, the American Petroleum Institute (API) released the third edition of Standard 1164, Pipeline Control Systems Cybersecurity. The edition has been in development since 2017—a result of expert input from over 70 organizations, including the US’s Department of Energy, Cybersecurity and Infrastructure Security Agency, and the American Gas Association. “The new edition API ...

  • How Pipeline Owners and Operators Can Fulfill the TSA’s Second Security Directive

    August 12, 2021

    Senior officials at the Department of Homeland Security (DHS), of which the TSA is a part, announced at the time of their security directive that they would soon require pipeline organizations to implement a new set of mandatory security controls or face financial penalties. In mid-July, CISA announced the rollout of at least some of those ...

  • DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators

    July 20, 2021

    WASHINGTON – Today, in response to the ongoing cybersecurity threat to pipeline systems, DHS’s Transportation Security Administration (TSA) announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions. “The lives and ...

  • Saudi Aramco data breach sees 1 TB stolen data for sale

    July 19, 2021

    Attackers have stolen 1 TB of proprietary data belonging to Saudi Aramco and are offering it for sale on the darknet. The Saudi Arabian Oil Company, better known as Saudi Aramco, is one of the largest public petroleum and natural gas companies in the world. The oil giant employs over 66,000 employees and brings in almost $230 ...

  • Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign

    July 8, 2021

    A sophisticated campaign targeting large international companies in the oil and gas sector has been underway for more than a year, researchers said, spreading common remote access trojans (RATs) for cyber-espionage purposes. According to Intezer analysis, spear-phishing emails with malicious attachments are used to drop various RATs on infected machines, including Agent Tesla, AZORult, Formbook, Loki ...

  • North Korean Kimsuky hacking group allegedly behind breach of South Korean nuclear institute

    June 21, 2021

    A North Korean hacking group with a history of high-profile attacks against South Korea allegedly breached the network of South Korea’s state-run nuclear research institute last month. Representative Ha Tae-keung of the People Power Party, South Korea’s main opposition party, claimed 13 unauthorised IP addresses accessed the internal network of Korea Atomic Energy Research Institute (KAERI) ...

  • Fake DarkSide Campaign Targets Energy and Food Sectors

    June 18, 2021

    The ransomware attack on the major fuel supply company Colonial Pipeline recently made headlines. The incident has been attributed to the DarkSide threat actor, once again thrusting the group’s name into the spotlight. With this, it would not be surprising to find threat actors taking advantage of this incident for their own socially-engineered campaigns. Several companies ...

  • Biden gave Putin list of 16 critical infrastructure entities ‘off limits’ to cyberattacks

    June 17, 2021

    President Biden told reporters Wednesday he gave President Vladimir Putin a list of 16 critical infrastructure entities that are “off limits” to a Russian cyberattack. Those entities include energy, water, health care, emergency, chemical, nuclear, communications, government, defense, food, commercial facilities, IT, transportation, dams, manufacturing and financial services. “We’ll find out whether we have a cybersecurity arrangement ...

  • Utilities ‘Concerningly’ at Risk from Active Exploits

    June 14, 2021

    The amount of time that utility networks spend exposed to a known application exploit has spiked over the past two months — something analysts called out as a “concerning datapoint,” and an important reminder that ransomware isn’t the only threat utility networks need to secure against. A new report from WhiteHat Security measured the amount of ...

  • Key Considerations for the Department of Energy on Defending the Bulk Power Grid

    June 10, 2021

    On January 20, President Joseph Biden issued Executive Order (E.O.) 13990 to help protect U.S. bulk power organizations. This Order enacted a 90-day suspension of E.O. 13920 which was set by the previous administration. The new executive order empowered the Secretary of Energy (“Secretary”) to publish new criteria around pre-qualifying vendors of electric equipment, as ...

  • FBI Claws Back Millions of DarkSide’s Ransom Profits

    June 7, 2021

    United States law enforcement has clawed back approximately $2.3 million of the ransom allegedly paid to DarkSide by Colonial Pipeline last month, the Department of Justice (DOJ) and FBI announced in a joint press conference on Monday. “Today we turned the tables on DarkSide,” FBI Deputy Director Paul Abbate said in live-streamed remarks. They seized the money ...

  • DarkSide ransomware servers reportedly seized, operation shuts down

    May 14, 2021

    The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. This news was shared by a threat actor known as ‘UNKN’, the public-facing representative of the rival REvil ransomware gang, in a forum post first discovered by Recorded Future researcher Dmitry ...

  • Colonial Pipeline paid close to $5 million in ransomware blackmail payment

    May 13, 2021

    Colonial Pipeline reportedly paid the ransomware group responsible for a cyberattack last week close to $5 million to decrypt locked systems. On Thursday, Bloomberg reported that two people close to the matter said a blackmail demand was agreed to within hours of the cyberattack that has impacted the fuel giant’s systems for close to a week. On ...

  • Hacker group behind Colonial Pipeline attack claims it has three new victims

    May 12, 2021

    The hacker group DarkSide claimed on Wednesday to have attacked three more companies, despite the global outcry over its attack on Colonial Pipeline this week, which has caused shortages of gasoline and panic buying on the East Coast of the U.S. Over the past 24 hours, the group posted the names of three new companies on ...

  • DarkSide ransomware will now vet targets after pipeline cyberattack

    May 10, 2021

    The DarkSide ransomware gang posted a new “press release” today stating that they are apolitical and will vet all targets before they are attacked. Last week, the ransomware gang encrypted the network for the Colonial Pipeline, the largest fuel pipeline in the United States. Read more… Source: Bleeping Computer Related story: Colonial Pipeline cyberattack shuts down pipeline that supplies ...

  • Colonial Pipeline cyberattack shuts down pipeline that supplies 45% of East Coast’s fuel

    May 8, 2021

    Colonial Pipeline, which accounts for 45% of the East Coast’s fuel, said it has shut down its operations due to a cyberattack. The attack highlights how ransomware and other cyberattacks are increasingly a threat to real-world infrastructure. The company delivers refined petroleum products such as gasoline, diesel, jet fuel, home heating oil and fuel for the ...

  • White House launches plan to protect US critical infrastructure against cyber attacks

    April 15, 2021

    The White House is reportedly moving swiftly forward with a plan to harden the security of the US power grid against hacking attacks. According to Bloomberg, the Biden administration has a plan to dramatically improve how power utilities defend themselves against attacks from countries considered to be adversaries in cyberspace – such as Russia, Iran, North ...

  • New survey report released: The state of industrial cybersecurity (Part 3)

    April 12, 2021

    This is the final installation of our three-part blog series, explaining the state of industrial cybersecurity based on the result of survey Trend Micro conducted in the US, Germany and Japan in November 2021. Part 1: Converging IT and OT with people, process and technology Part 2: Most factories have already implemented technical measures but are still ...