Threat Watch

Rosneft Deutschland Hit with Cyber Attack

The German branch of the Russian oil company Rosneft has reported a data leak. The attack was reported last weekend on the 12th, but the Anonymous group made statements in days prior, taking credit for the attack. The group claimed to have stolen around 20 TB of private data, with effects of the attack also taking certain Rosneft services offline. Oil refineries and pipelines have continued their regular operation with no interruption. Other oil companies have been warned of the heightened risk of attacks moving forward, but for energy companies that have no ties to Russia, the likelihood of that company being hit is lessened. It is worth noting that Anonymous has claimed that they targeted numerous other Russian linked companies and institutions such as the Kremlin itself, the defense ministry, the Duma lower house of parliament and pro-Kremlin Russian media.


This is more than likely not the last company we see Anonymous targeting in relation to the Ukrainian crisis. To reduce the chance of cyber-attacks creating a large-scale negative impact, companies should take proactive measures, including:
• Regularly back up data, air gap, and password protect backup copies offline.
• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
• Install updates/patch operating systems, software, and firmware as soon as practical after they are released. Implement monitoring of security events on employee workstations and servers, with a 24/7 Security Operations Center to detect threats and respond quickly.
• Use multifactor authentication where possible.
• Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes.
• Avoid reusing passwords for multiple accounts.
• Focus on cyber security awareness and training.
• Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.