Cybercriminals are selling initial access to energy companies on the dark web, with numerous targets in the UK, according to an industry report. Is your company ready to address these issues of cyber security?
The deepest and darkest corners of the internet are hiding some of the most dangerous threats to industries, including energy companies and their most critical and sensitive data.
Yet, despite the ever-present threat of cyber attacks, some senior managers don’t believe the dark web poses a threat to their organisations.
In fact, more than a quarter (27%) of CISOs in the energy industry believe that activity on the dark web has no impact on their companies. That’s according to a new report by dark web intelligence firm Searchlight Cyber.
The company’s director of threat intelligence, Jim Simpson, warns: “(These cyber threats) are real. They’re real for everyone. Vulnerabilities are happening all the time. Exploits are being developed all the time.”
What is the “dark web”?
First, it’s important to know what the “dark web” is. It’s a collection of websites, forums, and marketplaces that are only accessible with specialist software such as “The Onion Routing” protocol or Tor. Tor is free software that allows people to share data and communications anonymously over a public network.
It’s different from the “clear web”, which is open and accessible. Examples include news or industry websites like BBC and Energy Voice. Search engines like Google can index sites on the “clear web” and make them searchable.
There are other sites like Facebook that are available to everyone, but they require an account or a password to get into. These sites are on the “deep web”.
Cyber threats on the dark web
“That level of anonymity (in the dark web) emboldens people to share more criminal data. (Criminals) like the fact that it’s hard to find out who runs the service but it’s easy to access and easy to see for most people,” explains Jim.
For example, the dark web is a magnet for ransomware operators who use malware (like a virus) to encrypt files. This renders valuable information (like a company’s intellectual property, mining rights, payroll or HR records) unreadable; the operators then demand a ransom paid in cryptocurrency in exchange for a key to decrypt those files.
But Jim warns the way ransomware operators work is constantly evolving. “They can do double extortion where they encrypt as well as steal files. They can also give them away for free to the general public or contact your customers to shame your company, putting more pressure on people to pay.”
Dark Web Intelligence for the Energy Industry
Searchlight Cyber’s report, Dark Web Threats Against the Energy Industry, shows that energy companies are routinely discussed on dark web forums, particularly by threat actors auctioning initial access to remote software, VPNs and stolen credentials.
That analysis is based on a sample gathered over the 12-month period between February 2022 and February 2023. The sample includes numerous listings for organisations all over the world, including targets in the UK, France, Italy, USA, Canada, and Indonesia.
Most of the auction posts list the organisation’s country, its industry, its revenue and the type of access being sold. The name of the organisation is also given in some cases.
How dark web intelligence can help
This is where dark web intelligence plays a key role. Security professionals can gather pre-attack data from these forums and determine if their organisation is being targeted.
And even if they don’t fit the exact profile of the victim, they can factor the tactics being used against other energy companies into their own cyber defences.
Jim says: “You can prepare for types of attacks before they happen by watching those trends on the dark web. Then, if an attack does happen, you have that game plan ready before it even affects you.”
Searchlight Cyber can help you
In addition to providing energy organisations with critical intelligence from the dark web to enhance their threat models, Searchlight offers an automated dark web monitoring platform that scans for emerging threats. Their platform also offers energy companies visibility into Tor traffic to and from their network, which is a key warning sign of malware installation, insider threats, and data theft.
“We can get to places on the dark web where you can see, through our products, what cybercriminals are offering. You can set up alerts so that (you know) if you are being mentioned or if peer organisations or someone in your industry vertical is ever mentioned.”
“In order to keep pace with the latest threats, energy organisations should be continuously monitoring the dark web and building threat models for specific risks at least every six months. This combination will help energy companies keep their security up to date and increase their ability to stop cyberattacks,” says Jim.
Visit Searchlight Cyber’s website to learn how you can stay ahead of dark web threats.