Following the release of Constella Intelligence’s 2021 Identity Breach Report, additional findings on exposures, breaches, and leakages within the energy sector have been compiled in this industry-specific report. It focuses on employees and executives of the top 20 energy companies on the Fortune Global 500 list and looks at data from January 2018 through September 2021.
Constella’s research directly focuses on exposures related to the corporate credentials of employees and executives at the 20 energy companies analyzed.
It is no secret that the energy sector has been a repeated and high-value target for cyber threat actors seeking to disrupt critical infrastructure and cause financial and reputational harm. When an energy company suffers a breach or ransomware attack, the disruption can send harmful ripples across the economic and geopolitical landscape. Over the last three years, the public has witnessed critical infrastructure decimated by cyberattacks against the energy industry. In 2018, the U.S. government accused Russian government cyber actors of hacking into American energy infrastructure; in 2020, the U.S. Department of Energy was hacked; and U.S. federal agencies have repeatedly held discussions for energy leaders from pipeline, oil, and gas enterprises on data breaches and cyber threats. Shockingly, all of this came before Colonial Pipeline, one of the largest pipeline operators in the U.S., which provides roughly 45% of the East Coast’s fuel, including gasoline, diesel, home heating oil, jet fuel, and military supplies, was forced to halt all pipeline operations and freeze IT systems after becoming the victim of a cyberattack in May 2021.
“The energy sector plays a key role in maintaining the continued functionality of critical infrastructure. As in other major sectors, companies in this industry are susceptible to a variety of attacks enabled by circulating PII, including ransomware, phishing, ATO, and several others,” said Jonathan Nelson, Digital Intelligence Specialist at Constella Intelligence. “The exposures and breaches pertaining to energy companies must be viewed as imminent, serious threats as deep and dark markets are robust, dynamic, and constantly evolving.”
Indisputably, organizations in the energy sector are a major target for threat actors, and their executives and key employees are often the most frequent entry points for devastating attacks. As experts in digital risk protection, cyber intelligence, and cybersecurity continue to track and anticipate cybercrime activity targeting the industry, it is important to raise awareness regarding the principal points of attack from threat actors and the vulnerabilities often exploited through employees and executives. This report explores the ongoing digital threats plaguing the energy sector and highlights the prevalence of exposures, leakages, and breaches related to the corporate credentials of executives and employees.
Key Findings Include
1. Constella’s analysis identified over 1.5M exposed records and 4.2K breaches and leakages between 2018 and 2021 in which corporate credentials of the major energy companies analyzed were identified. Our analysis shows a steady increase in the number of breaches and records exposed for the top 20 energy sector companies since 2018. Nearly 23% of total breaches identified since 2018 occurred in the first nine months of 2021. These 2021 figures are on track to mark an increase in total breaches compared to 2020.
2. Energy company employees are incurring serious risk by using corporate accounts to register on retail, gaming, and entertainment sites. Sectors where corporate credentials of employees of the energy companies analyzed have been exposed include retail, services, technology, news, entertainment, finance, and education, indicating wide-ranging use of corporate accounts and data online.
3. Executives are a major point of attack for cybercriminals, and the proliferation of available executive PII furthers threat actors’ goals. Out of a sample of CEOs and C-suite executives, 45% of executives from the top 20 energy companies on the Fortune Global 500 list have been exposed in a breach since 2018. Of the exposed executives, 24% have been exposed in breaches that include passwords.
4. Around two-thirds (67%) of breaches and leakages where energy companies’ data is exposed include PII. Exposed PII that is later sold or dumped in deep and dark marketplaces enables cybercriminals to launch more diverse, sophisticated attacks on their targets, including phishing, ATO, ransomware attacks, and coordinated disinformation campaigns. Emails appear in nearly 100% of breaches where energy company employees have been exposed, while passwords appear in 72% of those breaches. Consistent with Constella’s 2021 Identity Breach Report, 55% of exposed passwords are in plaintext or hashed with a weak algorithm such as MD5 or SHA1.