Searchlight Cyber alerts energy sector to dark web threats

Searchlight Cyber analysts detail numerous instances of threat actors selling initial access to energy organisations around the world including targets in the USA, Canada, UK, France, Italy, and Indonesia on popular dark web forums like Exploit, RaidForums, and BreachForums. The research also highlights threat actors discussing ICS systems and sharing tutorials, papers, and documents, on ICS/SCADA, PLC, RTU, HMI and other components of industrial systems.

The research also found:

• The predominant activity observed are auctions for initial access to energy companies that routinely take place on dark web forums.
• Threat actors often use the terms ‘start’, ‘step’ and ‘blitz’, which indicate the start price, the increments of the bids, and a ‘buy-it-now’ price (blitz) for initial access.
• Most of these auction posts list the access type along with the country of the organisation, its industry, and its revenue.
• Several threat actors post multiple ‘auctions’ impacting different organisations, suggesting that they are specialists in the initial access market.

Critically, the report explains how energy organisations monitoring the dark web can use this intelligence to spot when they are being targeted, and to prepare their defences for the most likely types of attack based on the threats they observe against their peers. This ‘threat modelling’ process involves identifying, categorising, and prioritising threats based on a hypothetical attacker’s point of view.

Commenting on the findings, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber said: “Energy companies are routinely discussed on dark web forums, with threat actors frequently auctioning initial access via remote software, VPNs, and stolen credentials for exploiting corporate infrastructure, industrial control systems, and operational technology. The examples we highlight in this report are alarming but the intention of this research is to demonstrate to security professionals operating in this sector that they can use this intelligence to protect themselves, if they have access to it. With visibility into cybercriminal reconnaissance, energy companies can identify likely paths of attack, inform their defences, and prioritise security measures that will help them cope with the most imminent threats. Dark web data gives companies an insight into the mindset and operations of cybercriminals, which is invaluable to any intelligence team.”

Read the latest issue of World Pipelines magazine for pipeline news, project stories, industry insight and technical articles.

World Pipelines’ May 2023 issue

The May 2023 issue of World Pipelines includes a special section on pipeline design and operation in extreme environments. Also featured are technical articles on field joint coatings, pipeline steels, and safety and risk management for pipeline networks.

Read the article online at: https://www.worldpipelines.com/special-reports/16052023/searchlight-cyber-alerts-energy-sector-to-dark-web-threats/