Are you really on mute and Oil companies facing ransomware attacks
Cyberinsights Weekly #40
Muted? Someone can still hear you…
“I’m sorry, I was on mute.” maybe the most used sentence in the virtual conference world, but according to this post, it appears that some apps still have access to the microphone. Are they listening?
As a cybersecurity professional, evaluate your organisation’s threat model. Does your organisation comprise of any people for whom this attack vector is possible?
In short, is there anyone in your organisation who nation states might want to snoop on? If so, then procure privacy specific hardware for these people.
The Librium-14 laptop comes with physical switches to disable the camera and microphone. The ministry of freedom (yes, that’s the name) offers privacy focused laptops as well. System76 offers Linux laptops that you can customise for privacy depending on your threat model.
Oil companies and ransomware attacks
Oil companies are soft targets for ransomware attacks.
The risk in case their Industrial Control Systems (ICS) do not function normally is huge. Oil India suffered a breach with a huge ransom demand on the 10th of April. Not much apart from the news item is known. There is no official press release from Oil India Limited about the attack.
Similar incidents were observed for Colonial Pipelines in June 2021. The World Economic Forum considers this a big risk as well.
If you are a cybersecurity professional in the Oil and Gas sector, review your risks. Make sure you and the board understand the criticality of cyber attacks on your network, both the IT network and the ICS network. Hammer this point with examples and outcomes. Repeat it as long as it takes to get the right resources in place.
CyberInsights is a weekly publication which focuses on 2 news items. Subscribe here: