According to a report by Searchlight Cyber, threat actors have been offering access to energy sector organizations, including their industrial control systems (ICS) and operational technology (OT) systems. The analysis conducted by the UK-based threat intelligence company reveals that numerous offers for initial access into energy sector environments have been found on cybercrime forums, dark web sites, and marketplaces.
The auctioned access often includes remote desktop protocol (RDP) access, compromised credentials, or entry through device vulnerabilities.
Prices for access range from as little as $20 to $2,500, depending on factors such as target size, location, and the potential for supply chain attacks.
While many offers are focused on access to corporate systems, some threat actors have also offered resources targeting ICS/OT systems. These resources provide information on conducting searches, finding vulnerabilities, and exploiting ICS systems.
The report highlights the concern that even unsophisticated attackers with access to such resources can compromise industrial systems, as evidenced by recent hacktivist attacks.
Although the report does not provide specific examples of threat actors offering access to ICS systems, Searchlight Cyber confirms that its threat intelligence team has observed such activity on dark web forums.
Ian Garratt, a threat intelligence analyst at Searchlight Cyber, emphasizes that access to ICS systems is a top priority concern for security professionals in energy organizations.
He explains that while the open discussion of this technology on dark web forums raises concerns, it also allows defenders to assess attackers’ capabilities and monitor their evolution as credible threats over time.
Garratt emphasizes the need for continuous monitoring to detect any signs of compromise in corporate or industrial infrastructure. The report from Searchlight Cyber also provides instructions on how energy sector companies can utilize this intelligence for threat modeling, helping them enhance their security posture.
