- If ChatGPT produces AI-generated code for your app, who does it really belong to?
- The best iPhone power banks of 2024: Expert tested and reviewed
- The best NAS devices of 2024: Expert tested
- Four Ways to Harden Your Code Against Security Vulnerabilities and Weaknesses
- I converted this Windows 11 Mini PC into a Linux workstation - and didn't regret it
Major Oilfield Supplier Hit by Ransomware Attack
A ransomware attack has significantly disrupted the operations of a key supplier to the US oil industry.
In a regulatory filing sent to the US Securities and Exchange Commission (SEC) on November 7, Texan company Newpark Resources said an unauthorized third party gained access to some of its internal information systems on October 29, an intrusion that led to a ransomware attack.
Newpark Resources is a worldwide provider of value-added drilling fluids systems and composite matting systems commonly used in oilfields.
Some of the company’s industry partners include the American Petroleum Institute, the Independent Petroleum Association of America (IPAA) and the US Chamber of Commerce.
Read more: The Colonial Pipeline Attack Eight Months On
Newpark’s Incident Response Plan Quickly Activated
In the SEC filing, Newpark Resources said that the attack had caused disruptions and limited access to some critical systems and business applications supporting aspects of its operations and corporate functions, including financial and operating reporting systems.
“However, the company’s manufacturing and field operations have continued in all material respects utilizing established downtime procedures,” the report added.
In response to this attack, Newpark engaged internal resources and external advisors to investigate and contain the incident, aligning with its cybersecurity response plan.
The company is still evaluating the scope and impact of the attack, especially concerning potential financial implications. However, it does not anticipate the incident will affect its financial stability.
“Based on the company’s current knowledge of the facts and circumstances related to this incident, the company believes that this incident is not reasonably likely to materially impact the company’s financial condition or results of operations,” read the report. “Should any of the relevant facts and circumstances substantively change, the company will make any required disclosures.”
US Oil and Gas Industry at Risk
The US energy sector is at a particularly high risk of supply chain attacks, with 45% of security breaches hitting this industry in the past year being third-party related, according to research published in October 2024 by SecurityScorecard and KPMG.
Andrew Lintell, general manager for EMEA at industrial cybersecurity provider Claroty, said the sector is poised to be at even higher risk following Donald Trump’s election, given the president-elect’s ambitions for expanding the oil industry.
“Critical sectors like oil and gas are a top target for ransomware attacks looking to disrupt critical industries. With the Trump administration stating that it is going to increase the number of oil drilling sites across the US, it’s clear that the sector will be under an increasing threat,” he said.
“With the US now the largest oil producer, even partial shutdowns of information systems can have serious implications on operational continuity and financial stability. As oil drilling becomes more advanced and interconnected operational technology (OT) usage grows, we will see more and more opportunities for cybercriminals to exploit weaknesses.”
Sign up to our upcoming webinar now: Navigating Exposures in Energy ICS Environments