Nordic Region’s Energy Sector Targeted by State-Sponsored Hackers
State-sponsored, malicious hackers pose the greatest risk to Nordic governments and industries, according to a FireEye report on Nordic information security threats, Cyber Threats to the Nordic Region.
Attackers are seeking state secrets, sensitive personal and financial data, and intellectual property, not only from government entities but also from other industries that have an effect on the economy, politics and military intelligence.
Some of the prime targeted sectors include aerospace and defense, healthcare and biotech, and the energy industry - including oil and gas exploration, production and distribution; green energy development; and industrial control systems.
Norway: Targeted for Energy Industry
In a report on Data Breaches in Europe: Reported Breaches of Compromised Personal Records in Europe, 2005-2014 published by the Center for Media, Data and Society (CMDS), Norway was listed as one of the countries with unusually high numbers of information breach incidents, with large volumes of records breached. Other countries leading the way with the most breaches include Germany, Greece, Netherlands and the U.K.
According to the CMDS, Norway has 80 compromised records for every 100 people - this seems unusually high, but not so much when compared to the U.K., which scores at 220 breached records for every 100 people.
Norway’s robust energy industry makes the country a major target for state-sponsored hackers, since the country is:
- The top energy supplier to the European Union (EU)
- Home to Europe’s largest oil and natural gas reserves
- Considered the EU’s top energy supplier after Russia
Naturally, if a malicious hacker accessed an energy company that provided electric power, they could shut down electricity in the entire region. Simultaneous attacks on several network energy companies could affect major critical infrastructure, including trains, planes, water supply, sewage systems, etc., as Phys.org reported.
Phishing for Stolen Credentials in the Energy Sector
In 2014, Norway’s National Security Authority (NSM) announced that threat actors compromised 50 Norwegian oil companies, including Statoil, the largest oil company. Worse yet, the low-tech and effective method of phishing emails was the downfall of many of these companies - malicious PDF attachments targeted employees in the legal and procurement departments.
This malware installs keyloggers that log keystrokes and credentials, which enable attackers to move laterally throughout an energy company’s network. Learn more about the attacks in Norway’s Oil Companies Targets of Largest Coordinated Attack.
Similarly, in the U.S., malware delivered via a phishing campaign targeted multiple natural gas pipelines, in an attempt to disrupt the control systems of the pipelines that are responsible for over 25 percent of the nation’s energy supply, according to Information-Age.com. Again, phishing was the point of entry that hackers attempted to leverage for remote access to critical infrastructure.
According to FireEye, the majority of crimeware variants (58 percent) targeting the Nordic region included “infostealers,” that is, crimeware that is designed to collect credentials and other private user information. That’s because a set of credentials can unlock access to valuable information, if logins are not secured with alternative access security technology like two-factor authentication.
Basic Data Security to Secure Energy Firms
The Nordic countries and their governments are targets of these types of attacks due to their participation in many regional organizations, including the European Union (EU), the North Atlantic Treaty Organization (NATO), the Organization for Security and Co-Operation in Europe (OSCE), and the Arctic Council.
While payment service providers in the EU are subject to minimum security requirements for online transactions, including implementing two-factor authentication for strong customer authentication, similar if not much stronger data security measures should be taken to protect energy companies and critical infrastructure.
Combining something you know (password) with something you have (an authenticator app on your smartphone) makes it harder for attackers to remotely access and steal information with a set of stolen credentials. To protect against known threats, use an endpoint security solution that detects outdated software on your users’ devices, letting you remediate and close any security gaps in your organization.
Prevention paired with device intelligence, monitoring and notification can help reduce the risk of account takeovers and stolen intellectual property and data.