Recently, the cybersecurity firm McAfee Inc. issued a whitepaper titled Global Energy Cyberattacks: “Night Dragon,” in which they outlined coordinated efforts to conduct cyber espionage among targeted energy firms that they suspect are being coordinated out of China.
The white paper goes on to detail the common methods utilized to exploit the security vulnerabilities within these multi-national energy companies and the ease of acquisition of the tools utilized to exploit these vulnerabilities.
Through the use of readily available hacking tools and by following a structured attack scheme, according to McAfee, the attackers were able to gain access and download highly sensitive internal documents that included financial information related to field exploration and bidding, as well as information in regards to oil and gas field production systems.
The risks and security concerns outlined by McAfee can apply to any industry with sensitive information that could be valuable to competitors or third parties looking to exploit it for their advantage. This white paper highlights the growing concern of targeted corporate espionage and should serve as a wake-up call to corporate security teams everywhere.
Not only are the means of exploiting corporate networks readily available, but there are groups of coordinated individuals that are dedicated to using them. Today’s attacker is focused and driven by the potential for financial gain and has a widely available market for distribution of any sensitive data obtained.
McAfee Foundstone Professional Services and McAfee Labs (2011). Global Energy Cyberattacks: “Night Dragon.” http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf
Schneider Downs provides accounting, tax, wealth management, technology and business advisory services through innovative thought leaders who deliver the expertise to meet the individual needs of each client. Our offices are located in Pittsburgh, PA and Columbus, OH.
This advice is not intended or written to be used for, and it cannot be used for, the purpose of avoiding any federal tax penalties that may be imposed, or for promoting, marketing or recommending to another person, any tax-related matter.