A report published by McAfee illustrates in detail an extensive pattern of precision attacks targeted specifically against the oil industry. The revelation from McAfee is yet another example of the rising trend of malware as a tool for corporate espionage, and the threat of state-sponsored cyber attacks.
The McAfee report–titled Global Energy Cyber Attacks: “Night Dragon”–states, “Starting in November 2009, coordinated covert and targeted cyber attacks have been conducted against global oil, energy, and petrochemical companies. These attacks have involved social engineering, spear phishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations.”
The implications are ominous. The computer and network security industry operates on a primarily reaction-based model. Attackers create threats, and security vendors discover them and create defenses to guard against them…after the fact. If the attacks fly under the radar, though–remaining undiscovered–then there is little that most of today’s security solutions can do to detect or evade them.
Attacks such as this–like the “Operation Aurora” attacks against Google and others (also a China-based effort), or the Stuxnet worm ostensibly engineered specifically to compromise the nuclear capabilities of Iran–are much harder to defend against. McAfee explains, “Our experience has shown that many other industries are currently vulnerable and are under continuous and persistent cyber espionage attacks of this type. More and more, these attacks focus not on using and abusing machines within the organizations being compromised, but rather on the theft of specific data and intellectual property.”
Technology has evolved, and cyber attacks have matured. Organizations can’t just rely on the traditional firewall and antivirus software model to protect corporate secrets and other sensitive information, or to guard against subversive coordinated attacks. IT and security admins need to be more proactive about vulnerability and risk assessment of critical assets, and more vigilant about safeguarding sensitive information and preventing it from being leaked or compromised.