Agent Tesla Spyware Targets Oil And Gas Companies
By: Jim Stickley and Tina Davis
June 26, 2020
“The name’s Tesla, Agent Tesla.” No, it’s not the latest spy movie. Agent Tesla is spyware that’s currently targeting the gas and oil energy sectors. Energy companies have long been the subject of malware attacks, and most consumers are unaware of the cybersecurity challenges these companies face every day. The thought of spyware like this being used to hack the oil and gas industries should be a concern to us all. So far, damage from Agent Tesla includes stealing system data and killing antivirus efforts. Some security experts are concerned that Agent Tesla spyware may be stealing gas and oil data for more nefarious purposes.
Since 2014, this info-stealing Trojan has been arriving via email spearphishing campaigns and has been used to complete successful business email compromise (BEC) scams. These BEC campaigns often impersonate trusted vendors and company leaders in order to work. When the BEC scam goes as planned, Agent Tesla steals data using keylogging (recording the keys struck on a keyboard) and also has remote access Trojan (RAT) abilities. It’s serious business when 91% of successful data breaches start with spearphishing campaigns. Just one successful BEC attack is all it takes to drop malware like data-stealing Agent Tesla, ransomware, banking Trojans, and more.
An e-threat analyst at Bitdefender suggests, “While the spearphishing attacks on oil & gas could be part of a business email compromise scam, the fact that it drops the Tesla Agent info stealer suggests these campaigns could be more espionage focused…Threat actors that might have some stakes in oil & gas prices or developments may be responsible…”
According to Bitdefender, the purpose of the latest Agent Tesla attacks varies depending on who’s doing the phishing. One spearphishing campaign saw threat actors abusing and impersonating the reputation of the Egyptian state oil company ENPPI. Another incident involved emails claiming to be from a shipment company. These emails used industry jargon and true information to look and sound legitimate when targeting victims in the Philippines. In both cases, Agent Tesla was used in the emails to infect their targets and steal their data.
Regardless of what industry you work in or spend your time working with, BEC can still happen. Always be on the lookout for phishing email messages. If you receive anything from an unknown sender, a link or attachment that is not expected, or anything that gives off the tiniest bit of doubt about its authenticity, don’t click anything. Contact the sender by phone, text, or a new and separate email message to confirm. For any requested wire transfers or payments to vendors, verify they are legitimate and always make sure to have at least two persons confirm wire transfers. If there is an email request to change payment information, call the vendor or service provider to confirm it as well. Just replying to the email or sending a confirmation reply text is not recommended.
In addition, always be careful about sharing too much information on social media, including business network sites. Be as generic as you can about your job role, particularly if you work in finance, accounting, or human resources, or if you are an executive. These people are often targeted for BEC and spearphishing campaigns.