Dubai, UAE: Proofpoint, Inc. (NASDAQ: PFPT), a leading cyber security and compliance company, today released research identifying that only 25 (50%) of the top 50 Oil & Gas companies that have operations in the Middle East have a Domain-based Message Authentication, Reporting & Conformance (DMARC) record in place, meaning that half of them are leaving customers at heightened risk of email fraud. The lack of a DMARC record makes companies potentially more susceptible to cybercriminals spoofing their identity and increases the risk of email fraud targeting their customers.

Perhaps more worryingly, only 5 out of 50 (10%) oil and gas companies have a ‘reject’ policy in place, which means a whopping 90% are not proactively blocking fraudulent emails from reaching customers. Reject is the strictest and recommended level of DMARC protection, a setting and policy that actually blocks fraudulent emails from reaching their intended target.

While the region’s oil and gas industry is navigating challenging times caused by sluggish prices and the coronavirus pandemic, it is also fending off surging cyber threats. The COVID-19 pandemic has seen a spike in highly targeted attacks against the energy industry, deployed through email. A spear-phishing campaign incorporating the malware Agent Tesla took place between March 31 and April 12, 2020. The supposed sender invited recipients to submit bid proposals for equipment and materials as part of an actual gas venture project half-owned by an Egyptian state oil company. The email was sent to more than 150 gas and oil companies, mostly located in Malaysia, the United States, South Africa and Iran.

Emile Abou Saleh, Regional Director, Middle East and Africa at Proofpoint, commented: “During the pandemic, oil and gas companies are relying heavily on digitalization to maintain business continuity. This has motivated targeted spear phishing campaigns against the energy vertical. At a time when opportunistic cyber criminals are exploiting global uncertainty, a majority of the oil and gas companies in the region are leaving their customers vulnerable to email fraud. By not implementing adequate email protection they are exposing themselves to phishing, impersonation attacks and other unauthorised use of corporate domains. This is despite email remaining the number one threat vector for cybercriminals.”

DMARC, which is an email validation protocol designed to protect domain names from being misused by cybercriminals, authenticates the sender’s identity before allowing the message to reach its intended destination. It verifies that the purported domain of the sender has not been impersonated and relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the trusted domain.

“Energy companies need to ensure that the communication methods they use are secure. We recommend implementing robust email defences and inbound threat blocking capabilities (including deploying DMARC email authentication protocols),” added Emile Abou Saleh.

© Press Release 2021
