Page 102 - Intelligent Digital Oil And Gas Fields
P. 102

Instrumentation and Measurement                               71


                 Disgruntled insiders: These attackers can be difficult to detect and stop.
              They exploit the vulnerabilities either for financial gain or to sabotage the
              business.
                 Competitors: While it is not prevalent in the O&G industry, O&G is a
              very competitive industry. Competitor businesses try to gain access to the
              intellectual property, business secrets, and financial information.
                 Nation-state actors: With the explosion of organized hacker activities, the
              various organized groups supported by their country’s governing regimes
              have started to attack O&G industry targets, motivated by many factors.
                 Terrorist organizations: Their goal is to create collateral damage on a large
              scale, and an attack on O&G industry falls in that category, because any
              impact on O&G production can affect millions of people worldwide.
              The motivation is sabotaging nations, governments, and businesses.
                 Criminal syndicates: Their goal is to damage in all possible ways, including
              stealing intellectual property, financial data and information, and even laun-
              dering money.
                 The O&G industry faces many different kinds of attacks. The degree,
              size, and complexity depend on various factors in digital, smart, or intelligent
              field systems. The known major threats that industry faces are the following.
                 Botnet: A botnet is a collection of compromised computer systems, also
              referred to as zombies that are in full control of a cybercriminal known as
              botmaster, who is engaged in malicious attacks and more likely unlawful
              activities. Botnets have been a growing threat as they can significantly affect
              the operations of O&G industry.
                 Phishing and Email spamming: This threat is about getting credentials of
              legitimate system users using deception tactics by the attacker. Typically,
              a link is embedded in an email or other electronic communication, whereby
              the link might look very legitimate to the reader. However, when someone
              clicks the link, it takes him/her to a site the attacker controls and collects the
              user’s information. Later, the hacker uses that information for various other
              high-level attacks to the systems, networks, or accounts of the legitimate
              users. For O&G industry, phishing emails are targeted mainly at mid-level
              managers.
                 Malware and spyware: Malware and spyware are software, applications, or
              programs designed to gather information from computer/computing
              devices without the awareness of the legitimate user of the system. One
              of the reasons for this threat is the exponential growth of malware signature
              in cyberspace and the increasing sophistication of malware software. In
              2010, Symantec reported >280 million malware signatures compared with
   97   98   99   100   101   102   103   104   105   106   107