Title: “Threat Intel and Recon”

CPE Credit: 1 Hour

Abstract:

“The Oil & Gas industry has historically been targeted by opportunistic threat actors wishing to carry out disruptive attacks. However, as the industry becomes more connected, it becomes more vulnerable to attack. Financially motivated cybercriminals – particularly those involved in ransomware – have realized this can be turned into big profit. In addition, the targeting and timing of some ransomware incidents suggest they are pursuing “hybrid” goals: earning money for the threat actors but also aligning with the strategic goals of countries like Russia, which seeks to maintain its dominance in fossil-fuel export markets.

The Colonial Pipeline attack brought this firmly into the spotlight. The Ukraine/Russia conflict has heightened the political side of cybercrime activity, with actors dividing over ideological lines and targeting the energy sector consistent with attempts to undermine and incapacitate adversary countries. It becomes more difficult to distinguish hacktivist, criminal and state activity. At the same time, as the war enters a new phase, cyber criminal communities face new challenges and are evolving in unpredictable ways. A recent alert issued by the Ukrainian CERT about a prominent hacktivist group using Initial Access Brokers, infostealer malware, compromised VPNs and Cobalt Strike to carry out a data wiper ransomware attack against its targets indicates a diversification of toolsets and lower barriers to entry for such attacks. This presentation looks at the current energy sector cyber threat intelligence landscape, and the principal threats to ONG-ISAC members emanating from the Dark Web.”

Speakers & Bios:

Howard Marshal – Managing Director and Global Lead, Cyber Threat Intelligence

Before joining Accenture, Howard enjoyed a 20+ year career with the FBI before retiring as the Deputy Assistant Director of the FBI’s Cyber Division.  Howard was assigned to multiple national security assignments and initiatives during his career to include the executive leadership of the National Cyber Investigative Joint Task Force.  He held six other positions during his tenure, to include Special Agent in Charge of the Louisville Field Office.  Howard received a BA and JD from the University of Arkansas at Fayetteville and completed Carnegie Mellon’s CISO certification course in 2016.

Nellie Ohr – Security Innovation Principal, Cyber Threat Intelligence

Nellie is part of the Strategic and Industry Intelligence team in Accenture’s Cyber Threat Intelligence (ACTI) practice. Nellie monitors and analyzes cyber-crime, cyber-espionage, and hacktivist activities involving Russia and other Eurasian countries, as well as the networks, institutions, and political and cultural context in which they take place. Trained at Harvard and Stanford, Nellie conducts research in Russian, French, German, and other languages.

Paul Mansfield – Security Consulting Manager, Cyber Threat Intelligence

Paul has been with Accenture Cyber Threat Intelligence (ACTI) since July 2019 within the Reconnaissance team, dealing with threats emanating from the Dark Web.  He joined Accenture from Barclays Bank, where he performed a similar role focusing on cyber threats to the Financial sector – prior to this he has a background in law enforcement, spending 7 years with the National Crime Agency (NCA).