29 June 2023

Cyber incidents in offshore industry


Why has the offshore industry become a target for cybercriminals?

Amin Nasser, CEO of Saudi Arabia’s state oil giant Aramco, said in an interview during the Artificial Intelligence Summit in Riyadh that cyberattacks are one of the top problems the company is facing. He knows what he’s saying – in 2021, hackers demanded $50m from Saudi Aramco as a ransom for 1 terabyte of leaked company files.


What makes the industry such a common target for the threat actors?


Highly likely to pay the ransom

Because virtually every industry depends on regular oil and gas supplies, criminals know that oil or gas platform owners can’t afford to halt or shut down their production. And that means they can count on getting their demands met faster.


In fact, energy, oil, and gas companies are said to be among the most likely companies to pay the ransom. WSJ Pro Research found that 43% of energy and utility companies would seriously consider paying the ransom for their data.


Outdated infrastructure

Many offshore companies still use legacy systems and outdated technology in their facilities, as replacing those would be too costly or complicated. However, those tools or devices often don’t get software updates or security patches anymore, leaving them more vulnerable to attacks. Hackers can then use a single obsolete device or program to gain access to the entire network and spread the attack further.


Complex infrastructure

Because both the IT and OT infrastructure in offshore companies is so large, securing all endpoints and spotting all vulnerabilities is a nearly impossible task. For hackers, though, finding the one spot through which they can disrupt the systems or steal the data inside is a very easy task.


What’s more, since offshore facilities are now often interconnected, hackers can quickly spread the attack to several other locations to cause even more damage.


What are the potential consequences of a cyberattack on the offshore industry?

Another thing that puts pressure on offshore companies when they are dealing with a cyberattack is how severe the consequences of the attack might be, such as:


Equipment damage

By gaining access to the internal systems or stealing data related to drilling systems, pipelines, or control systems, cybercriminals can manipulate the parameters and, in this way, damage the equipment. This would force the offshore companies to put the machines on downtime until they are repaired or replaced – meaning significant financial losses.


Threat to human safety

Most of the equipment and work condition monitoring and emergency response systems are now connected to the internet as well. By breaching those, threat actors could, for example, cut off the communication lines or shut off the safety systems responsible for monitoring the work conditions of the offshore crew.


In extreme cases, such an attack could lead to accidents, injuries, or even deaths of the workers on the offshore platform – for example, when hackers take over the cranes used for loading and unloading. 


Environmental disasters

Cyberattacks on offshore companies can also have severe, long-lasting environmental consequences. Damage to the equipment could, for example, cause oil or other toxic substances to leak into the ocean. This would pose a grave threat to both marine life and coastal communities.


Economic Impact

What makes the effects of cyberattacks on offshore companies especially dramatic is that the disruptions can have ripple effects on the economy, affecting energy supplies, prices, and overall market stability. For example, an attack on a gas rig might force the company to temporarily reduce or stop sending gas to its clients, affecting the clients’ daily operations (and revenue) as well.


That’s why cyberattacks on critical infrastructure are often launched not only for financial reasons but for geopolitical or ideological ones as well.


The ransomware attack on the US Colonial Pipeline and its consequences

The attack on Colonial Pipeline in May 2021 made headlines as the largest attack on oil infrastructure in the history of the United States.


On May 7, Colonial Pipeline was forced to shut down its 5,500 miles of pipeline after its IT network was infected with ransomware by the hacker group DarkSide. While the company’s OT lines were apparently not affected, the company feared that the hackers might repeat the attack using the 100 GB of data they stole from the network and decided to shut down all of its systems.


After the company paid the 75-Bitcoin ransom (around $4.4 million at that time), the DarkSide group did send a decryption key so that Colonial Pipeline could regain access to its data. However, the decryption tool was apparently so slow that the business had to rely on its own backups to help bring the systems back.


The pipeline was restarted on May 12, and all systems and operations had returned to normal by May 15.


What were the consequences of the attack?

Since Colonial Pipeline supplies nearly half of the fuel for the East Coast (including gasoline, diesel fuel, and heating oil), the attack was felt across multiple states. 


Gas Buddy, an application for monitoring fuel demand, prices, and shortages, found that by 4 PM: 

were already without gasoline, as people were buying in a panic. Shortages were also reported in Tennessee (18%), Florida (14%), Maryland (13%), and Washington DC (12%). The situation got so severe that the Department of Transportation’s Federal Motor Carrier Safety Administration issued a regional emergency declaration for 17 states and Washington, DC, to keep fuel supply lines open.


And what caused this chaos in the first place? According to investigators, it was a single stolen VPN password through which the hacker group could enter the main network. That’s all it took for the DarkSide group to cause widespread panic across the entire East Coast.


How could SOCaaS teams aid offshore companies in protecting their network?

The ransomware attack on Colonial Pipeline shows well just how much chaos can result from just one cyberattack if it targets critical industries – and how crucial it is for those industries to bolster the security of their networks. Hiring cybersecurity experts for an in-house team isn’t easy or cheap though – especially with how hard they are to find.


Thankfully, modern technology also offers a solution to the problem in the form of SOCaaS (Security Operation Team as a Service). SOCaaS is a cybersecurity service provided by third-party companies through which businesses can “hire” a cybersecurity team to monitor and protect their network.


That way, they don’t need to build their own cybersecurity team in-house or build specialized software and hardware but can instead rely on the experience and infrastructure of the SOCaaS provider. The SOCaaS team members can also handle all of the tasks a regular cybersecurity team would, such as: 


Continuous monitoring and threat detection

A SOCaaS team can monitor the offshore company’s network round the clock to swiftly identify potential threats and attacks. As they have plenty of sophisticated tools at their disposal and know how to make the best use of those, they can quickly notice any suspicious activity on the network and prevent it from causing damage to the systems.


Incident response and mitigation

SOCaaS team members also have experience dealing with various types of cyberattacks and have ready procedures for containing the incident, minimizing damage, and restoring normal operations as quickly as possible. That way, they can quickly pick the best way to prevent the attack from impacting the offshore company’s operations and protect the data from breaches.


Vulnerability Management

To minimize the risk of cyberattacks disrupting offshore operations, SOC teams can perform regular vulnerability assessments to identify any weak points in the company’s network infrastructure. Then they will implement security patches and updates to the system to mitigate vulnerabilities and ensure systems are adequately protected against potential threats.


Threat Intelligence and Analysis

SOC teams stay on top of the latest cyber threats and trends thanks to continuous threat intelligence gathering. By analyzing this data, they can proactively identify emerging threats and potential risks, including those that are specifically targeting the offshore industry. This enables them to develop effective strategies and countermeasures to protect the network from new types of threats.


Security Awareness and Training

SOC professionals can also run regular security awareness training for the offshore company’s staff. For example, they can educate employees on how to handle sensitive data, how to create strong passwords, and what to do when they get a suspicious message. By enhancing the workers’ cybersecurity knowledge, SOC teams can empower them to become the first line of defense against potential threats.


Do you want to fortify your offshore company network against ever-evolving cyber threats but don’t have time (or budget) for an in-house cybersecurity team? CyberDefender can help.  


Our team of experienced cybersecurity professionals can keep an eye on your network so any potential breaches or malicious activities are identified and handled right away, 24/7. And if your offshore company has any specific security needs or requirements, we’ll be happy to customize the solution for you as well. 


Meet with our cybersecurity experts to learn how we can help you improve your offshore company’s cybersecurity.



Falling victim to a cyberattack can have dramatic consequences for offshore companies – ones that can potentially spread across the entire country. And as the industry relies on digital technology now more than ever, the number of attacks on it will most likely only increase.


The only way offshore companies can stop the threat actors in their tracks is by implementing robust security measures. By partnering with a SOCaaS team, though, offshore companies can quickly learn how to shield their network, equipment, and data from criminals. And while the cybersecurity experts guard their data and equipment from harm, the offshore industry can finally enjoy the benefits of digitalization – without worrying about cyberattacks damaging their company.



