Analysis

2022 Oil and Gas Sectors Threat Landscape

Global threat assessment by Deloitte Cyber Threat Intelligence

The Russian-Ukraine conflict has economically affected the oil and gas sectors, disrupting energy supplies. Threat actors, primarily cybercriminals and ransomware groups, reacted to the political atmosphere by further attacking the sectors in 2022, making them yet more vulnerable to threats. Several ransomware gangs focused on the sectors in 2022 and hit major organizations across Europe, resulting in a widespread disruption on energy supply that even affected gas stations.

According to Standard and Poor’s (S&P) Global, 2022 saw the highest number of cyberattacks against the oil and gas sectors in the past six years.¹

A recent Trend Micro survey examined the attack vectors that forced the shutdown of operational technology (OT) systems, causing significant financial damage.² The most serious threat was malware infection from legitimate web browsers, which could be caused by a watering hole attack or an unpatched browser and operating system. The second most significant vector was the compromise of an accessible device—this occurs when threat actors discover a misconfiguration that exposes a device to the internet. Phishing ranked third among attack vectors.

This threat landscape report focuses on critical threats to the oil and gas industries, but it also includes some major general attacks and trends affecting the OT environment. In 2022, advanced persistent threat (APT) actors targeted eight times more oil and gas organizations for espionage than the previous year. One of their campaigns exploited vulnerabilities and weaknesses in specific components of relevant vendors in critical infrastructure organizations.

This report outlines the following:

The threat landscape and types of malwares affecting oil and gas sectors
The impact of COVID-19
Emerging cyberthreats due to cloud migration

This report also includes the following recommendations:

Assessment of vulnerabilities and prioritization of cybersecurity investments
Leading practices to help mitigate cyberthreats
MITRE ATT&CK^® tactics, techniques, and procedures (TTPs) approach

Fill out the form below to gain access to the report

First name*

Last name*

Email*

Company*

Title*

Location*

I agree to receive emailed reports, articles, event invitations and other information related to Deloitte products and services. I understand I may unsubscribe at any time by clicking the link included in emails.*

Yes No

The submission of personal information through this page is subject to Deloitte's Privacy Statement and Legal Terms. I have read and accept the terms of use.*

*Required

Get in Touch

Adnan Amjad US Cyber & Strategic Risk Offering Portfolio Leader Principal Deloitte & Touche LLP aamjad@deloitte.com	Jon Korol Deloitte US Cyber Offering & Detect & Respond Leader Partner Deloitte & Touche LLP jkorol@deloitte.com
Mike Kosonog Deloitte US Energy, Resources & Industrials Leader Principal Deloitte & Touche LLP mkosonog@deloitte.com	Kevin J. Urbanowicz Deloitte US Cyber Detect & Respond Advisory Managing Director Deloitte & Touche LLP kurbanowicz@deloitte.com
Clare Mohr Deloitte US Cyber Intelligence Lead Associate VP for Solution Delivery Deloitte & Touche LLP clmohr@deloitte.com	William Burns Deloitte US Cyber Detect & Respond Managing Director Deloitte & Touche LLP wburns@deloitte.com

¹ Eklavya Gupte, “ENERGY SECURITY SENTINEL: Cyberattacks surge in 2022 as hackers target commodities,” S&P Global Commodity Insights, October 10, 2022.
² Mayumi Nishimura, “Oil and gas cybersecurity: Trends & response to survey,” Trend Micro, October 13, 2022.

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Viewing offline content

Tax

Consulting

Audit & Assurance

Deloitte Private

M&A and Restructuring

Risk & Financial Advisory

AI & Analytics

Cloud

Diversity, Equity & Inclusion

Consumer

Energy, Resources & Industrials

Financial Services

Government & Public Services

Life Sciences & Health Care

Technology, Media & Telecommunications

Spotlight

Topics

Industries

More from Deloitte Insights

Careers

Students

Experienced Professionals

Job Search

Life at Deloitte

Alumni Relations

2022 Oil and Gas Sectors Threat Landscape

Global threat assessment by Deloitte Cyber Threat Intelligence

Fill out the form below to gain access to the report

Get in Touch

Recommendations

Link your accounts

Viewing offline content

2022 Oil and Gas Sectors Threat Landscape

Global threat assessment by Deloitte Cyber Threat Intelligence

Fill out the form below to gain access to the report

Get in Touch

Recommendations

Link your accounts

You previously joined My Deloitte using the same email. Log in here with your My Deloitte password to link accounts. | | Deloitte users: Log in here one time only with the password you have been using for Dbriefs/My Deloitte.

You've previously logged into My Deloitte with a different account. Link your accounts by re-verifying below, or by logging in with a social media account.

Looks like you've logged in with your email address, and with your social media. Link your accounts by signing in with your email or social account.