Oil companies attacked, espionage not just for Google

Image of man cutting barrel

The Christian Science Monitor reported today that Marathon Oil, ConocoPhillips, and ExxonMobil were compromised in 2008 by hackers. This attack follows the pattern outlined in the press this month about the Operation Aurora, attacks on Google, Adobe, and other unnamed US corporations.

As Dr. James Lyne and I pointed out in our recent podcast, this type of attack is not as uncommon as you’d think. If your organization has proprietary information that is essential to remain competitive, you should use these incidents as an opportunity to evaluate your defenses.

Anti-virus is certainly an important defense, but if you are the target of cyber-espionage you should have a detailed, layered defense. Many firewalls in organizations today allow outbound connections on many ports (80, 443, 22) that can be used to exfiltrate data. The use of proxy servers can go a long way to help you both discover illicit activities, and log these actions to perform a proper forensic response in the event you are victimized.

Today’s report implies that extremely expensive research into where the most profitable oilfields lie may have been captured and stolen from the aforementioned energy companies. I see very sensitive data like this being exposed within corporate environments all the time. The concept for years has been that if the data is on the corporate LAN, then no additional measures to protect this data are necessary.

Organizations are focusing on securing their mobile devices by deploying full disk encryption to their laptops, but they are not applying similar measures to data residing within their networks. Additionally, if your laptop is infected by custom-designed malware, full disk encryption may not be enough. Critical business data should be encrypted wherever it resides, whether it’s on mobile devices, email, or the LAN.

A comprehensive security strategy is more important than ever in light of these attacks. Hopefully the press surrounding these events will drive awareness and create some urgency to act. While this has been ongoing for sometime, we suggest organizations work harder than ever to identify sensitive data and protect it. As always, we are here to consult and advise on the best practices to prevent this from happening to your organization.

Creative Commons image courtesy of BevKnit’s Flickr photostream.