Cyber security series - Who is targeting you and your third parties?

20 November 2017

Security compromises continue to make headlines in the press.  Increasingly we see organisations reporting losses of data with others being hit by the rising wave of disruptive malware, NotPetya and Bad Rabbit being the most recent examples.   

Cyber-attacks commonly have a clear target or some obvious modus operandi. What has changed is that organisations are increasingly being caught up as ‘collateral damage’ in wider attacks.  In the case of NotPetya, this was an attack in the Ukraine which, due to software distribution services, ‘leaked’ into the wider IT ecosystem and very quickly proliferated. When it comes to information security – it is important to understand your place in this wider ecosystem.  Getting the basics right is one fundamental step that helps you avoid becoming collateral damage or getting caught up in someone else’s issues. Understanding who the attackers are, how they operate and why they might attack you can help you shape your defences against a targeted attack and develop a more effective security strategy.

In 2017, PwC published a report about who the attackers targeting the energy sector are.  This research came to the following conclusion:

‘We believe that espionage threat actors pose the highest risk to the energy sector.  An attack by hacktivists or cyber criminals is possible but less likely.  Although there is precedent for destructive sabotage attacks on the sector, we believe these are less likely for the majority of organisations.

Understanding what motivates these different groupings, can help us to understand how best to protect ourselves.  To break these groups down:

  •         Espionage is ‘for the nation’,
  •         Criminal is ‘for the money’,
  •         Hacktivist is ‘For the cause’ and
  •         Sabotage is ‘for the impact’.

And their areas of interest are often as diverse as their modus operandi.  Our research concluded that areas of interest for state-sponsored attacks are likely to include:

  • Oil and gas field research data
  • Documentation on the transport and delivery of resources
  • Business deals
  • Strategic organisation information

Industry competitors meanwhile are likely to be interested in:

  • Exploration data
  • Drilling technologies
  • Refinery processes
  • Sensitive data relating to business deals
  • Potential new operations.

Like robbers targeting a bank, the way in is not always through the front door.  When it comes to targeted attacks we see an increased use of supply chain and third party attacks, where trusted third party organisations are compromised to provide a way in.

You might be a small organisation that is responsible for supporting critical services, or a large consumer of third party services to support your critical processes – understanding the impact of your operations on the wider supply chain is paramount.  With this in mind it is important to ask two questions of your organisation:

  • Could you be targeted because you are the weakest link?
  • Are your third parties being targeted to get to you?

The recent Cloudhopper report , whilst focusing on managed IT environments highlights the problem. Someone else’s security shortcomings can quickly become a real problem for you.

In summary, it’s increasingly important that companies understand who might target them (and their supply chain) and why.  Increasingly you need to look for assurance from trusted third parties that they aren’t the weak link in your supply chain. Do you know which third parties have access to your IT and OT environment?  How do they secure these connections and would you know if someone used them maliciously?  And in this environment, sharing information about the threats and trends we see helps us build our ‘herd immunity’.  

So if nothing else consider joining the UK Government’s Cyber Information Sharing Partnership (CISP) - it is free and will help you connect with peers facing the same problems as you.



John Hinchcliffe, cyber security specialist

Tel: 07702 699 175

E: [email protected]




شاه جهان
فروشگاه گیاهان دارویی

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment