Oil rig data leaks raise terrorism threat
July 2024 by CyberNews
In November 2023, Cybernews researchers discovered an openly accessible storage with over 1.5 million sensitive files. The files contained personal employee information and operational data from multiple energy companies.
The research team has been able to attribute the leak to WorldLive LLC, a Louisiana-based company that specializes in tracking employee training, managing assets, and creating maintenance schedules for energy companies.
Some of the examined files were connected to ExxonMobil and Guyana Revenue Authority, JP Oil Holdings, Broussard Brothers, and Noble Energy, acquired by Chevron Corporation. However, given the scope of the leak, more companies could be affected.
The leak was caused by missing authentication on Azure Cloud Storage Blob – a cloud-based service from Microsoft Azure that allows users to store and manage large amounts of unstructured data such as text, binary data, and media files.
The leaked data includes:
Employee names
Addresses
Phone numbers
Dates of birth
Social Security numbers (SSN)
Physical examination and drug test forms
Scanned documents
Employee certificates
Templates for employee cards
Employee resumes with photos
On-site assessment forms with photos of critical infrastructure
The risk of attacks
Cybersecurity neglect by the companies’ service provider is highly concerning, as the energy sector is considered a critical infrastructure. Apart from the devastating effects in the case of an attack, the sector is highly targeted by malicious actors.
"Critical infrastructure has been increasingly targeted by hacktivists in the last couple of years. Critical infrastructure has always been a prime target for Advanced Persistent Threat (APT) groups," said Aras Nazarovas, a security researcher at Cybernews. "We have also seen such attacks done for financial gain, as was the case in the Colonial Pipeline Ransomware attack."