“Rising Concerns as Hackers Sell Access to Critical Energy Sector ICS/OT Systems on Dark Web Marketplaces”

Threat actors have been selling access to energy sector organizations, including industrial control systems (ICS) and other operational technology (OT) systems, according to a new report from Searchlight Cyber. The UK-based cyber threat intelligence firm analyzed posts published between February 2022 and February 2023 on cybercrime forums, dark web sites, and marketplaces, and found many offers for initial access into the environments of energy sector organizations worldwide, including oil and gas and renewable energy firms located in the US, Canada, UK, Italy, France, and Indonesia. Access is often auctioned and includes RDP access, compromised credentials, or entry through vulnerabilities in Fortinet devices, among others. Prices range from as little as $20 to $2,500, depending on the target’s size, location, and the potential for supply chain attacks.

## The Threat to ICS/OT Systems

Some of the hackers have offered resources that can be used to conduct attacks against ICS/OT systems. This includes information on conducting Shodan searches, finding vulnerabilities, and exploitation. These types of resources can allow even unsophisticated and low-skilled attackers to hack industrial systems, as shown by some recent hacktivist attacks. Some of the examples featured in the report don’t illustrate threat actors offering access to industrial control systems. Still, Searchlight has confirmed for SecurityWeek that, among other things, it does observe threat actors offering access to ICS and OT systems on dark web forums.

## Recommendations

Access to ICS/OT systems is undoubtedly the highest priority concern of security professionals at energy organizations. Observing this dark web activity does, however, allow defenders to assess the capability of attackers and monitor their evolution as credible threats over time. This underlines the need for energy organizations to continuously monitor for evidence that their infrastructure, corporate or industrial, has been compromised. Searchlight Cyber’s report provides instructions on how companies in the energy sector can leverage this type of intelligence for threat modeling.

As energy firms become increasingly reliant on technology and connected systems, the cyber risk to critical infrastructure also intensifies. This emphasizes the importance of the energy industry’s preparedness and cybersecurity efforts, which call for continuous monitoring and improving mechanisms. The report urges companies of all sizes to beef up their online security by increasing vigilance, keeping up with the latest patches and segments, and providing their employees with regular training on the dangers of opening attachments or clicking on links from unknown sources. It also calls on companies to establish a robust security system and take the necessary steps to ensure that access to ICS/OT systems is tightly controlled and that there are multiple layers of security to prevent unauthorized access. Investing in cybersecurity is essential to prevent such attacks and to protect vital infrastructure from being hijacked remotely, with hazardous consequences.
