Skip to main content

‘Phantom Menace’ cyber-attack targets oil industry

It’s not only rich investors and governments who are interested in oil, you know – cybercriminals also have their beady eyes on the industry built around the black stuff, according to a new report from Panda Security.

Dramatically entitled ‘Operation Oil Tanker: The Phantom Menace (opens in new tab)’, Panda’s new research claims to have uncovered one of the “most unique attacks” it has ever witnessed – it’s essentially a targeted cyber-attack on the oil transportation world.

It was first discovered when an employee opened an infected PDF which was declared safe by existing security systems, but was flagged as suspect by a pilot security program – this attack is apparently highly stealthy due to a number of clever custom scripts, and it stayed under the radar of antivirus software.

The cyber-attack was first detected by Panda at the beginning of 2014, and its aim is to siphon off credentials and data to be used for ripping off oil brokers.

Luis Corrons, the author of the report and Panda’s technical director, commented: “Initially this looked like an average non-targeted attack. Once we dug deeper, though, it became clear that this was a systematic, targeted attack against a number of companies in the same specific industry sector.”

The Phantom Menace attack, as Panda called it, was traced back to an email and name via the FTP connection used to pipe out the stolen data – but the alleged dozens of firms which have been affected haven’t reported breaches, fearing the attention and bad publicity this would bring. This leaves Panda in a situation where they have identified the perpetrator, but can’t go to the authorities and expect action to be taken due to a lack of any credible reports from the supposed victims.

Corrons said: “We can limit the impact of this potentially catastrophic cyber-attack, but only if the victimised companies are willing to come forward.”

Panda further notes that behaviour-based protection is limited, and companies must look beyond this, scheduling regular audits of security systems to discover and patch potential weak points in their defences.

Darren Allan

Darran has over 25 years of experience in digital and magazine publishing as a writer and editor. He's also an author, having co-written a novel published by Little, Brown (Hachette UK). He currently writes news, features and buying guides for TechRadar, and occasionally other Future websites such as T3 or Creative Bloq and he's a copy editor for TechRadar Pro. Darrran has written for a large number of tech and gaming websites/magazines in the past, including Web User and ComputerActive. He has also worked at IDG Media, having been the Editor of PC Games Solutions and the Deputy Editor of PC Home.