In the wake of the Colonial Pipeline Co. attack earlier this year that interrupted fuel supplies on the U.S. East Coast, attacks on critical infrastructure companies have become a severe issue. Future attacks are given in the years ahead, but how are attackers targeting companies in the energy sector?

Mobile phishing is one area with a new report today from Lookout Inc. finding disturbing trends as hackers and advanced persistent threat groups seek out more significant targets.

Based on telemetry from more than 200 million devices, 150 million apps and detections from the Lookout Security Web Gateway, the report finds that mobile phishing targeting in the energy industry surged 161% between the second half of 2020 and the first half of 2021. That figure represents a full 20% of all energy employees being targeted by a mobile phishing attack in the first half of 2021.

Overall interest in targeting the energy industry is also rapidly increasing. More than 17% of all cyberattacks originating on mobile endpoints targeted energy organizations in the first half of the year, making the industry the biggest target of cybercriminals and nation-state-sponsored attackers. The average mobile app threat exposure rate was 7.6% — nearly double the average of all other industries combined.

Riskware and vulnerabilities were found to be the cause of 95% of mobile app threats, while 56% of Android users in the energy sector were exposed to additional vulnerabilities due to running out-of-date versions of the Android operating system.

The report also notes that the attack surface of energy organizations is ever-increasing because of complex supply chain relationships and digital transformation initiatives. Added to this are organizations shifting workloads to mobile devices and cloud applications. The ecosystem exposes energy companies to significant cyber risks where a single vulnerability could expose the entire supply chain.

“As the energy industry modernizes and relies more heavily on mobile devices and cloud solutions, these insights into mobile phishing and app threats can help organizations strengthen their security program,” noted Stephen Banda, senior manager of security solutions at Lookout and the author of the report.

The report concluded by noting the importance for energy organizations to secure mobile endpoints that employees use to gain access to corporate resources and operation technologies.

“Phishing attacks, mobile app threats and outdated operating systems present a heightened risk to the already strained energy industry,” Banda added.

Photo: Colonial Pipeline