Twenty-seven percent of CISOs at oil and gas companies say that dark web activity has no impact on their company — and this comes at a time when it’s common for threat actors to hold auctions on the dark web to sell access to compromised VPNs at energy firms, according to new research posted May 16 by Searchlight Cyber.
While 72% of oil and gas companies are already gathering dark web intelligence to protect their companies from cyberattacks, the Searchlight Cyber researchers say they are still behind many other leading industries, such as financial services at 85%, manufacturing’s 83% and transportation at 81%.
The researchers said energy companies may not have historically considered themselves the primary target for financially motivated cyberattacks from the dark web, but the cybersecurity landscape has changed dramatically over the past few years. Cybercriminals are no longer just focusing on banks and insurance companies, they are increasingly targeting enterprises in industries such as healthcare, oil and gas (think Colonial Pipeline), and manufacturing.
These trends make dark web intelligence more vital than ever, researchers said. Here are some of the leading findings in the report:
The predominant activity observed against the energy industry on the dark web are the auctions for initial access to energy companies that routinely take place on dark web forums. Threat actors often use the terms “start,” “step,” and “blitz,” which indicate the start price, the increments of the bids and a “buy-it-now” or “blitz” price. Searchlight