Proofpoint, Inc. released research identifying that only 25 (50%) of the top 50 Oil & Gas companies that have operations in the Middle East have a Domain-based Message Authentication, Reporting & Conformance (DMARC) record in place, meaning that half of them are leaving customers at heightened risk of email fraud. The lack of a DMARC record makes companies potentially more susceptible to cybercriminals spoofing their identity and increasing the risk of email fraud targeting their customers.
Perhaps more worryingly, only 5 out of 50 (10%) oil and gas companies have ‘reject’ in place, which means a whopping 90% are not proactively blocking fraudulent emails from reaching customers. Reject is the strictest and recommended level of DMARC protection, a setting, and policy that actually blocks fraudulent emails from reaching their intended target.
While the region’s oil and gas industry is navigating challenging times caused by sluggish prices and the coronavirus pandemic, it is also fending off surging cyber threats. The COVID-19 pandemic has seen a spike in highly targeted attacks against the energy industry, deployed through email. A spear-phishing campaign incorporating the malware Agent Tesla took place between March 31 and April 12, 2020. The supposed sender invited recipients to submit bid proposals for equipment and materials as part of an actual gas venture project half-owned by an Egyptian state oil company. The email was sent to more than 150 gas and oil companies, mostly located in Malaysia, the United States, South Africa, and Iran.
Emile Abou Saleh, Regional Director, Middle East, and Africa at Proofpoint, commented: “During the pandemic, oil and gas companies are relying heavily on digitalization to maintain business continuity. This has motivated targeted spear-phishing campaigns against the energy vertical. At a time when opportunistic cybercriminals are exploiting global uncertainty, a majority of the oil and gas companies in the region are leaving their customers vulnerable to email fraud. By not implementing adequate email protection they are exposing themselves to phishing, impersonation attacks, and other unauthorized use of corporate domains. This is despite email remaining the number one threat vector for cybercriminals.”
DMARC, which is an email validation protocol designed to protect domain names from being misused by cybercriminals, authenticates the sender’s identity before allowing the message to reach its intended designation. It verifies that the purported domain of the sender has not been impersonated and relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the trusted domain.
“Energy companies need to ensure that the communication methods they use are secure. We recommend implementing robust email defenses and inbound threat blocking capabilities (including deploying DMARC email authentication protocols),” added Emile Abou Saleh.