Petronas Crowdstrike: The Malaysia-Based Energy Giant’s Cybersecurity Incidents
As one of the world’s largest and most respected energy companies, Petronas plays a critical role in meeting the world’s growing energy demands. With a presence in over 60 countries and a diverse portfolio of energy production, processing, and marketing operations, Petronas is a leader in the energy sector. However, despite its many successes, Petronas has been affected by a series of cybersecurity incidents, highlighting the importance of robust cybersecurity measures in today’s digital age.
Background
Petronas, short for Petroliam Nasional Berhad, is a Malaysian public-listed energy company founded in 1974. The company is 64.14% owned by the Government of Malaysia, with the remaining shares listed on the Bursa Malaysia. Petronas is involved in a wide range of energy-related activities, including upstream and downstream operations, renewable energy, and petrochemicals.
Cybersecurity Incidents
In recent years, Petronas has been affected by several significant cybersecurity incidents. In 2019, the company reported a ransomware attack on its IT systems, which resulted in the disruption of business operations and the theft of sensitive data. The attack was attributed to a group of rogue cybercriminals who demanded a ransom in exchange for returning the stolen data.
In 2020, Petronas suffered a major data breach, which exposed sensitive information about its employees, contractors, and customers. The breach was attributed to a compromised username and password combination, which granted unauthorized access to the affected systems.
More recently, in 2022, Petronas reported a cybersecurity incident involving a phishing attack, which compromised the email accounts of several employees. The attack was carried out by a sophisticated phishing campaign, which bypassed the company’s security measures and allowed attackers to access sensitive information.
Crowdstrike Role
In the wake of these cybersecurity incidents, Petronas has enlisted the help of Crowdstrike, a leading cybersecurity firm specializing in incident response, threat intelligence, and managed security services. Crowdstrike is a US-based company co-founded by George Kurtz, a renowned cybersecurity expert.
Crowdstrike’s role in Petronas’ cybersecurity incidents has been to investigate and respond to the attacks, identify the perpetrators, and provide recommendations for improving the company’s cybersecurity posture. The firm’s expertise in threat intelligence and incident response has been invaluable in helping Petronas contain and mitigate the impact of these attacks.
Lessons Learned
The recent cybersecurity incidents affecting Petronas serve as a stark reminder of the importance of robust cybersecurity measures in today’s digital age. The company’s experience highlights the following key lessons:
Conclusion
Petronas Crowdstrike is a cautionary tale about the importance of cybersecurity in today’s digital age. Despite its many successes, Petronas has faced several significant cybersecurity incidents, highlighting the need for robust cybersecurity measures, incident response, and continuous investment in cybersecurity. As the energy sector continues to evolve, it is essential that companies like Petronas prioritize cybersecurity to protect sensitive data, ensure business continuity, and maintain stakeholder trust.