Summary
Overview
A European client in the oil and gas sector approached Reversec to perform an Industrial Control System (ICS) cybersecurity assessment.
The oil, gas, and energy sector is disproportionately targeted by sophisticated attackers compared to many other industries. At the same time, the growing use of connected technology alongside legacy systems has brought cybersecurity threats from lower in the value chain closer to critical remote and offshore upstream operations.
The client needed a comprehensive, expert ICS assessment of its industrial control system to identify vulnerabilities and assess risk appropriately.
Company
Oil and gas sector client
Industry
Energy
Solution
To mitigate threats effectively, it is essential to gain strong visibility into the client’s assets, operations, and threats across the full environment. Working from an understanding of these threats and risks, and of the attack paths through which they could be realized, we carried out a thorough security assessment of the ICS.
We began by conducting a network mapping exercise to understand connections between ICS components and related systems, and to identify potential attack paths to critical ICS assets. Each system was then analyzed in more detail to determine what security capabilities were present by design and how they could be leveraged.
This work used multiple data-gathering techniques, including interviews with the client’s subject matter experts, network and control system serial traffic captures, and documentation reviews. During network mapping, we identified unusual traffic that appeared inconsistent with expected system behavior.
To learn more about the traffic, we submitted the patterns and content to our internal AV lab analysts. The team has experience in static, dynamic, and reverse engineering malware analysis. They confirmed the traffic was malware and conducted further analysis to help us understand its purpose and impact, as well as the attacker’s objectives and methods. The analysis linked the malware to a well-known Advanced Persistent Threat (APT) group.
As the attacker was live on the client’s ICS, this represented a significant risk. The facility under assessment formed part of the country’s critical national infrastructure. After identifying the APT group, we alerted local authorities regarding the threat actor. We then liaised with the authorities and provided a thorough handover of the information needed to enable rapid incident response and forensic activities.
Outcome
Our ICS assessment, which could have been considered a routine security test, identified a live APT threat actor on the client’s ICS network. Detecting and containing a sophisticated attacker before it could complete its objectives likely prevented extensive business disruption and damage. ICS environments are critical, and we approach assessments with the depth required to identify and address security gaps, providing robust assurance and peace of mind.
Used services
Resilience Development
Build your immune system and withstand a cyber incident; assess risk by testing your controls against likely threats, and improve the skills of your security operations team.