The majority (28%) of oil and gas CISOs are either unaware of or not actively monitoring potential cyberthreats from the dark web.
This claim comes from the latest Searchlight Cyber Threat Intelligence Report, which also found that more than a quarter (27%) of energy industry CISOs believe dark web activity is not affecting their company.
According to the report, dark web auctions for initial access to corporate networks are the most prevalent threat to the energy industry. These auctions are often held on well-known hacking forums such as Exploit, RaidForums and BreachForums.
More information on BreachForums can be found here: BreachForums Shuts Down After Admin’s Arrest
The report notes that such auction posts typically follow a standard format, with attackers using terms like “start,” “step,” and “blitz” to indicate starting prices, bid increments, and instant buy prices.
Most of these auction posts list the type of access along with the country, industry, and revenue of the organization, and are posted by attackers specializing in the initial access market, as evidenced by their multiple “auctions” affecting various organizations.
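For threat-intelligence triage, the auction fields described above can be normalised into a record and compared against your own organisation's profile. This is an added example, not code from the report or from Searchlight Cyber; the "Label: value" post layout, the sample post, the profile keys and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample post; the "Label: value" layout is an assumption.
SAMPLE_POST = """\
Access type: VPN
Country: US
Industry: Oil & Gas
Revenue: $1.2B
Start: $1,000
Step: $250
Blitz: $5,000
"""

FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.+?)\s*$")
MONEY_RE = re.compile(r"\$?\s*(\d[\d,]*(?:\.\d+)?)\s*([kKmMbB])?\b")
SCALE = {"k": 1e3, "m": 1e6, "b": 1e9}
PRICE_FIELDS = ("start", "step", "blitz")  # terms named in the report

def parse_money(text):
    """Return a whole-dollar amount from text like '$1,000' or '$1.2B', else None."""
    m = MONEY_RE.search(text)
    if not m:
        return None
    return round(float(m.group(1).replace(",", "")) * SCALE.get((m.group(2) or "").lower(), 1))

def parse_auction_post(text):
    """Normalise one post into a dict; unknown labels are kept as strings."""
    record = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key = m.group(1).strip().lower().replace(" ", "_")
        money = key in PRICE_FIELDS or key == "revenue"
        record[key] = parse_money(m.group(2)) if money else m.group(2)
    # Treat it as an auction only when all three price terms parsed.
    record["is_auction"] = all(record.get(f) is not None for f in PRICE_FIELDS)
    return record

def matches_profile(record, profile):
    """True when an auction listing fits our own organisation's profile."""
    if not record["is_auction"]:
        return False
    if record.get("country", "").lower() != profile["country"].lower():
        return False
    if profile["industry"].lower() not in record.get("industry", "").lower():
        return False
    lo, hi = profile["revenue_range"]
    revenue = record.get("revenue")
    return revenue is None or lo <= revenue <= hi
```

A listing with no stated revenue still matches on country and industry, so a sparse post is escalated for analyst review rather than silently dropped.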
“The fact that threat actors are auctioning off initial access to corporate networks on the dark web highlights the sophistication and organization of the cybercriminal underworld,” said Craig Jones, Vice President of Security Operations at Ontinue.
“Notably, these auctions are not localized. They target organizations in many countries around the world, highlighting the global nature of this threat.”
The study also highlights that threat actors discuss industrial control systems (ICS) and share tutorials, papers and documents on ICS/supervisory control and data acquisition (SCADA), programmable logic controllers (PLC), remote terminal units (RTU), human machine interfaces (HMI) and other components of industrial systems.
“Ransomware attackers target every industry that generates significant profits, and energy companies definitely fall into that category,” explains Phil Neray, vice president of cyber defense strategy at CardinalOps.
“Additionally, security controls tend to be weak due to the large number of remote access connections that can be exploited via weak or stolen credentials or VPN vulnerabilities.”
The Searchlight cyber threat intelligence report comes just days after Group-IB’s threat intelligence team uncovered a new campaign by the Qilin ransomware group targeting critical sectors.