Alexander Polyakov of the software company ERPScan cautioned oil and gas companies about the threat posed by hackers, who may target vulnerable software with the oil business to steal commodities or cause explosions. Especially nowadays, when oil is witnessing a dip in its prices, the threats posed by malicious hackers are soaring.
The industry works on a range of critical processes – and there are many weak points which can be targeted. The best example of such vulnerabilities would be sensors that monitor pressure, fuel levels, temperature, functionality of the equipment and much more. All of these sensors are handled by software companies like Oracle, manipulating which can result in devastating consequences.
Polyakov demonstrated how he and his colleagues were able to simulate an attack on an oil tank without being detected by the monitoring software, which was created by the company SAP.
Polyakov showed how he and his colleagues were able to create a proof-of-concept attack to empty an oil tank without detection using the oil company’s monitoring software – in this case a system created by SAP. “We did it with three guys who spend a few months finding vulnerabilities. They have much more power” – he said,
It’s also possible to put the oil back into the tanks without detection. Attackers can also target the Burner Management System or the BMS which is used to control the furnaces at various stages of separation and is also extremely easy to exploit by external manipulations, something that oil and gas companies must be aware of.
According to a statistical analysis by Symantec, around 43% of global mining, oil and gas companies were attacked by hackers in 2014 – the highest within the corporate sector. These appalling statistics have also been confirmed by a separate study done by Trend Micro.
Recently, a number of cases involving cyber-attacks on energy companies have surfaced. In December 2015, state-sponsored Russian hackers targeted a Ukrainian power grid that caused a blackout in a major portion of western Ukraine.
Also, in 2012, the Saudi oil company ‘Aramco’ was devastated by a malware let loose by a group called ‘Cutting Sword’ that destroyed 30,000 computers. The attack was described as a “wake up call” by Keith Alexander, the former NSA chief.
A US government security researcher, reportedly said to the Guardian, that – “This is a stunningly active threat facing the critical infrastructure in the US right now, and if it’s not being taken seriously you’re being seriously naive. It’s time to address these issues.”