Oil, Gas Tech Startup Faces Threat in Fundraising

Hess To Form MLP For North Dakota Oil, Gas Transport Assets
Oil and gas technology start-up companies should ensure they have a strategy for dealing with cyberattacks as well as fundraising.

Oil and gas start-up companies not only need to think about raising funds, but making sure they have a strategy for dealing with cyberattacks.

Cybersecurity defense firm Bromium recently uncovered evidence of an attack against an oil and gas technology start-up company’s website. The company that underwent the attack had just completed a round of fundraising from several companies, including one company based in the Middle East.

The reasonably sophisticated malware used indicates the attack was planned, said Rahul Kashyap, chief security architect and head of security research at Cupertino, California-based Bromium, in an interview with Rigzone. Kashyap previously led the world threat research teams at McAfee Labs, created and worked on several security technologies deployed in military, government, banking and healthcare institutions globally, and has led cyber defense strategies for several high profile security investigations.

“When you make an announcement like that, you expect lots of people to visit sites, including journalists, manufacturers and oil and gas companies,” said Kashyap.

Visitors who looked at the site through Internet Explorer (IE) were infected with a Trojan malware program that disguises itself as part of Windows to evade detection and can receive remote commands to allow for the recording of keystrokes or installation of ransomware and other malicious programs.

“IE clearly has been the browser of choice for attackers this year,” said Kashyap. “Its ubiquity makes it a prime target.” Bromium’s recent report on key attack data in the first half of 2014 reflects this trend. “In this case, the attack was leveraging an unpatched, publicly disclosed low-severity Internet Explorer vulnerability, CVE-2013-7331.”

CVE stands for common vulnerabilities and exposures, which Kashyap likened to a universal, real-time dictionary of software vulnerabilities.


View Full Article


Generated by readers, the comments included herein do not reflect the views and opinions of Rigzone. All comments are subject to editorial review. Off-topic, inappropriate or insulting comments will be removed.