A significant portion of oil and gas company CISOs (28%) are potentially unaware of the cyber-threats originating from the dark web or are not actively monitoring them.
The claims come from the latest Searchlight Cyber threat intelligence report, which also shows that more than a quarter (27%) of energy industry CISOs believe that activity on the dark web has no impact on their company.
According to the report, dark web auctions for initial access to corporate networks are the most prevalent threat against the energy industry. These auctions are frequently held on well-known hacking forums such as Exploit, RaidForums and BreachForums.
The report notes that these auction posts typically follow a standard format, with threat actors using terms like “Start,” “Step,” and “Blitz” to indicate the start price, bid increments and a buy-it-now price.
Most of these auction posts, which list the access type along with the country of the organization, its industry and its revenue, are posted by threat actors who specialize in the initial access market, as evidenced by their multiple “auctions” impacting different organizations.
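As an added example that is not part of the report or this article, the following Python snippet shows how a monitoring team could parse posts in the "Start / Step / Blitz" layout described above and flag sellers with several auctions; the sample posts and the exact field labels are constructed assumptions, not real forum content.

```python
import re
from collections import defaultdict

# Constructed sample posts (not real forum content) in the layout the report
# describes: access type, country, industry, revenue, then Start/Step/Blitz.
SAMPLE_POSTS = [
    {"actor": "seller_a", "text": "Access type: VPN\nCountry: US\nIndustry: Oil & Gas\n"
                                  "Revenue: $450M\nStart: 2000$ Step: 500$ Blitz: 6000$"},
    {"actor": "seller_a", "text": "Access type: RDP\nCountry: DE\nIndustry: Energy\n"
                                  "Revenue: $1.2B\nStart 1500 Step 300 Blitz 4,500"},
    {"actor": "seller_b", "text": "Access type: Citrix\nCountry: CA\nIndustry: Retail\n"
                                  "Revenue: $90M\nStart: $800 Step: $100 Blitz: $2,500"},
    # Incomplete post: no Blitz price, so it is not a complete auction listing.
    {"actor": "seller_c", "text": "Access type: RDP\nCountry: FR\nIndustry: Oil & Gas\nStart: 500$"},
]

# Price lines vary ("Start: 2000$", "Start $800", "Blitz 4,500"); accept all of them.
PRICE_RE = re.compile(r"\b(?P<field>Start|Step|Blitz)\s*[:=]?\s*\$?\s*(?P<amount>[\d,]+)\s*\$?",
                      re.IGNORECASE)
FIELD_RE = re.compile(r"^(Access type|Country|Industry|Revenue)\s*:\s*(.+)$",
                      re.IGNORECASE | re.MULTILINE)


def parse_auction_post(text):
    """Return a dict of descriptive fields plus integer start/step/blitz prices."""
    record = {}
    for m in FIELD_RE.finditer(text):
        record[m.group(1).lower().replace(" ", "_")] = m.group(2).strip()
    for m in PRICE_RE.finditer(text):
        record[m.group("field").lower()] = int(m.group("amount").replace(",", ""))
    return record


def is_complete_auction(record):
    """A listing counts only if all three price terms are present."""
    return {"start", "step", "blitz"} <= record.keys()


def find_specialists(posts, min_auctions=2):
    """Group complete auctions by seller; actors with several are likely IAB specialists."""
    per_actor = defaultdict(list)
    for post in posts:
        rec = parse_auction_post(post["text"])
        if is_complete_auction(rec):
            per_actor[post["actor"]].append(rec)
    return {actor: recs for actor, recs in per_actor.items() if len(recs) >= min_auctions}


def energy_listings(posts):
    """Complete auctions whose industry field points at the energy sector."""
    keywords = ("oil", "gas", "energy")
    return [r for r in map(lambda p: parse_auction_post(p["text"]), posts)
            if is_complete_auction(r) and any(k in r.get("industry", "").lower() for k in keywords)]
```

Running `find_specialists(SAMPLE_POSTS)` flags only `seller_a`, and `energy_listings(SAMPLE_POSTS)` returns the two complete energy-sector auctions while skipping the incomplete post.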
“The fact that threat actors are auctioning off initial access to corporate networks on the Dark Web underscores the sophistication and organization within the cybercriminal underworld,” commented Craig Jones, vice president of security operations at Ontinue.
“Notably, these auctions aren’t localized; they target organizations in numerous countries around the world, highlighting the global nature of this threat.”
The research also highlights threat actors discussing industrial control systems (ICS) and sharing tutorials, papers and documents on ICS/supervisory control and data acquisition (SCADA), programmable logic controllers (PLC), remote terminal units (RTU), human-machine interfaces (HMI) and other components of industrial systems.
“Ransomware threat actors are going after any industry that generates significant profits, and energy companies certainly fall into that category,” explained Phil Neray, vice president of cyber defense strategy at CardinalOps.
“Plus, they tend to have weaker security controls due to a high number of remote access connections that can be exploited via weak or stolen credentials or VPN vulnerabilities.”
The Searchlight Cyber threat intelligence report comes days after Group-IB’s threat intelligence team revealed new campaigns by the Qilin ransomware group targeting critical sectors.