Cyber Threats in the Oil and Gas Sector: Evolution and New Attack Methods

Current cyber threats to the oil and gas sector include phishing attacks using updated Rhadamanthys malware and the evolution of malicious spyware families such as Sync-Scheduler and Mighty Stealer. Check Point has also identified threats on the African continent. It is necessary to track and respond to the dynamically changing digital threat landscape.

Current State of Cyber Threats for the Oil and Gas Sector

Recently, an increase in phishing attacks targeting the oil and gas sector has been observed, utilizing an updated version of the malicious software Rhadamanthys. This software, written in C++, enables cybercriminals to steal sensitive data from infected hosts.

Phishing Attacks Using Vehicle Incident Lure

Phishing emails impersonating the Federal Bureau of Transportation inform recipients about a fictitious incident involving their vehicle, threatening them with a hefty fine. Such actions aim to enhance the attack’s effectiveness by instilling fear in the recipient.

The Evolution of Rhadamanthys and Concerns About New Features

Warnings have also been issued that Rhadamanthys may evolve, adding the capability to steal information and incorporating the LockBit ransomware variant. This change in behavior of the malicious software poses a significant threat to the data security of the oil and gas sector.

Dynamic Landscape of Cyber Threats

In addition to Rhadamanthys, other dangerous families of spyware are emerging in the market, such as Sync-Scheduler and Mighty Stealer. There are also reports of the evolution of existing threats, for example, StrelaStealer. This demonstrates the constant changes and adaptations by cybercriminals to carry out successful attacks.

Global Threats through Malspam Campaigns

Malspam campaigns, particularly prevalent in Indonesia, use fake banking lures to spread the Agent Tesla software. The aim of the attacks is to steal data such as login credentials, financial information, or personal documents. Also noteworthy are phishing campaigns using Agent Tesla that took place in Australia and the United States in November 2023.

Check Point Tracing African Threats

Check Point identified two African threat actors, Bignosa and Gods, as the main perpetrators of attacks using malware and phishing. The Bignosa group operates aggressively, sending spam and participating in phishing campaigns.

Ease of Propagating Cyber Threats

Experts highlight the ease with which cybercriminals can launch campaigns using malware and phishing. The low barrier to entry into such activities poses a significant challenge for the industry and cybersecurity institutions.