It is important to understand that cybersecurity training is more important for the Oil Subsector than for many other sectors and industries. Oil and gas systems have often become targets of ransomware that has hit and taken down oil and gas producers in the Middle East, USA, and Europe. Cybersecurity awareness training for all users having authorized access to data is of paramount importance. As digital transformation is breaking the traditional divide between the IT infrastructure and Operational Technology (OT), criminal and state-sponsored groups are increasingly able to tunnel malware from IT to OT.
Modules of the tailor-made training
- Important developments in the Energy Sector, Oil Subsector.
- Understanding the challenges after the hybrid war in Europe.
- Countries having the capability to launch cyberattacks that could disrupt the oil infrastructure.
The modus operandi
An overview of some attacks that are suitable for the objectives of the training. At the end of the presentation we will cover one or more of these attacks in depth.
CISA Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors.
- Indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by cyber actors on compromised victim networks.
- The multi-stage intrusion campaign, as it was characterized by the DHS and the FBI, by state-sponsored cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.
Understanding the tactics, techniques, and procedures (TTPs).
- spear-phishing emails (from a compromised legitimate account),
- watering-hole domains,
- credential gathering,
- open-source and network reconnaissance,
- host-based exploitation, and
- targeting industrial control system (ICS) infrastructure.
Overview of the Colonial Pipeline attack.
The “double extortion” attack: Encrypting and locking up the victim’s data, but also stealing data and threatening to make it public.
Overview of the COPEL and Eletrobras attack.
Overview of the cyberattack against Amsterdam-Rotterdam-Antwerp (ARA) storage terminals.
Overview of the attack at Saudi Aramco.
The objective to sabotage operations and to trigger an explosion, targeting industrial control systems that keep equipment operating within safe parameters by controlling pressure, temperature and voltage.
How could all these attacks succeed?
Who is the “attacker”?
- Countries, competitors, criminal organizations, small groups, individuals, employees, insiders, service providers.
- Hacktivists and the Oil Subsector.
- Professional criminals and information warriors.
How do the adversaries plan and execute the attack?
- Step 1 – Collecting information about persons and systems.
- Step 2 – Identifying possible targets and victims.
- Step 3 – Evaluation, recruitment, and testing.
- Step 4 – Privilege escalation.
- Step 5 – Identifying important clients and VIPs.
- Step 6 – Critical infrastructure.
Employees and their weaknesses and vulnerabilities.
- Employee collusion with external parties.
- Blackmailing employees: The art and the science.
- Romance fraudsters and webcam blackmail: What is the risk for the Oil Subsector?
- Trojan Horses and free programs, games, and utilities.
- Reverse Social Engineering.
- Common social engineering techniques
- 1. Pretexting.
- 2. Baiting.
- 3. Something for something.
- 4. Tailgating.
- Clone phishing.
- Whaling – phishing for executives.
- Smishing and Vishing Attacks.
- The online analogue of personal hygiene.
- Personal devices.
- Untrusted storage devices.
- Best practices for managers and employees in the Energy Sector, Oil Subsector.
- What to do, what to avoid.
We will discuss the mistakes and the consequences in one or more case studies.
Closing remarks and questions.
The program is beneficial to all persons working for the Oil Subsector. It has been designed for all persons having authorized access to systems and data.
One hour to half day, depending on the needs, the content of the program and the case studies.
Delivery format of the training program
a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.
Our instructors are working professionals who have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.
George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf
Terms and conditions.
You may visit: https://www.cyber-risk-gmbh.com/Terms.html
Cyber Risk GmbH
Tel: +41 79 505 89 60
We process and store data in compliance with both the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.