The oil and gas sector has seen exponential digital growth over the last two decades. With this evolution of the sector’s digital landscape has come an increasing number of cyber attacks on the vulnerable, newly interconnected systems. Critical infrastructure (CI) systems like oil & gas face ever-present, potent cyber threats. This new reality is one marked by not only nation-state actors seeking strategic gains, but prolific for-profit hackers. The ransomware attack on the Colonial Pipeline, for example, cost millions yet also threatened the gas supply to the East Coast of the United States.

Traditional cybersecurity is not enough to mitigate risk and protect oil and gas enterprises.Proactive cybersecurity is a must for these high-risk institutions. Deception technology makes it possible to not only detect attacks and intruders but to control the behavior of the adversary.

We’ve created a full data sheet on how deception technology can improve the security posture of oil & gas and other critical infrastructure, which you can download here. Read more about the specific challenges and our solution below.

The Specific Challenges of Oil & Gas

The oil & gas sector is made up of very high-value targets, which is one of the biggest challenges faced when protecting it. The stakes are high, and therefore the attacks tend to be more sophisticated.

  • Oil and gas networks are a target of both sophisticated nation-state actors and cyber criminals.
  • Custom systems are difficult to integrate and to protect.
  • The sector is an att>active target due to the broad influence it has on economic and political spheres.
  • Complex requirements for changing and flexible user account management means insider threat or credential leakage is a real possibility.
  • Systems often have inter-compatibility issues with other security software.

CounterCraft delivers and tailors deception environments to not only protect production assets, but also enable rapid adaptation to new requirements. CounterCraft’s unique technology helps security teams misdirect the adversary and protect production systems, all while gathering real-time actionable tailored threat intelligence.

All of this is achieved with zero impact on existing systems, and zero risk to business continuity. This is a major plus for financial services organizations, which often have complex systems that cannot be touched.

Example Deception Campaign for Oil & Gas

Here is a real-life example of how deception has worked to protect an important aspect of oil & gas—VPN networks. This campaign was designed to detect threat actors as they attempt to access a network’s VPN server using fake credentials.

  • The campaign deploys credentials to a fake VPN portal, mimicking a typical technical support access model.
  • The VPN gives access to a deception control center with engineering workstations, and HMI, Historian and fileshare. A second VPN gives access to an OT network with one or more PLCs and a terminal server.
  • Once the attacker enters the deception environment, you can continue to interact with them, collecting intel and observing their actions.

The Result

Insider and external threats to OT environments are identified and their movements are subsequently tracked.

Benefits

Deception can help in the proactive protection of high-value targets without imposing any burden on the normal operation of services.

  • Actionable threat intelligence with zero false positives tailored to your organization
  • Intuitive platform requiring minimal technical resources to manage
  • Flexible deployment model that includes on premise within the network, on premise outside the network, and in any Cloud Service Provider environment
  • No emulations and no complicated physical and/or virtual appliances. We install on real unallocated/nonproduction physical or virtual systems
  • Truly mimic your production environment by deploying the necessary servers, endpoints, applications, and services required
  • Real-time telemetry, Indicators of Comprise (IOCs), and Techniques, Tactics, and Procedures (TTPs)
  • Automatically map threat intelligence to the native MITRE ATT&CK Framework integration within the platform
  • Protects your current investments by integrating with existing solutions

To learn more about how deception is uniquely positioned to protect the oil & gas industry, download the full data sheet here.

For more examples of how deception has prevented cyber attacks and to learn more about CounterCraft, contact us.