After targeting politicians, governments, and large firms in the tech and media industry, hackers could try to attack oil and gas companies using their system-linked infrastructure. Security experts believe hackers could exploit the smart facilities in oilfields to steal oil and other commodities or even cause an explosion.
Speaking at the RSA security conference in San Francisco, Alexander Polyakov, co-founder of the firm ERPScan, said the industry is facing a tough task maintaining margins while meeting demands as oil price declines. This is attracting a lot of attention from extremist organisations looking to control the oil resource, especially from the Iraqi production facilities.
At the same time, technology has become an essential element of the entire process of petroleum production, right from the exploration stage to the time the oil reaches the petrol pumps, becoming target points for potential attackers.
"Oil and gas are a critical industry, with so many different critical processes. Every point in this supply chain is increasingly reliant on sensors that monitor and measure pressure, fuel levels, pipeline flows, quantities of oil, temperature and whether equipment is working properly," Polyakov told the conference as quoted by the Guardian. "By targeting these pieces of internet-connected software, it is possible to carry out deadly assaults remotely," he added.
Polyakov also demonstrated how his team could launch a mock attack on an oil tank and empty or fill the contents in the reservoir, by rigging the oil company's monitoring software, without the alarm going off. He explained how attackers could "manipulate" the Burner Management System (BMS), the software used to operate (start/stop) the furnaces during the oil-gas separation, and cause an explosion.
"We did it with three guys who spend a few months finding vulnerabilities. They have much more power," Polyakov said.
Oil and gas companies have usually been off the hacker's radar, but in 2012, a group of anonymous hackers carried a massive cyberattack on one of the world's largest oil companies, Saudi Aramco, infecting over 35,000 computers.