SixMap Study Reveals Critical Cybersecurity Gaps in US Energy Sector: Houston Businesses Must Act Now
TL;DR: A comprehensive study of 21 major energy companies revealed nearly 60,000 internet-exposed services with 5,756 vulnerabilities, including 377 that are actively exploited by nation-state actors and cybercriminals. The research exposes critical blind spots in traditional security tools that could leave Houston energy businesses vulnerable to devastating cyberattacks.
The American energy sector faces an unprecedented cybersecurity crisis. Recent research conducted by SixMap has uncovered alarming vulnerabilities across 21 major energy providers, revealing systemic weaknesses that put critical infrastructure at risk. For Houston’s energy businesses – the heart of America’s energy capital – these findings serve as a wake-up call that demands immediate attention.
The Scope of the Vulnerability Crisis
SixMap’s comprehensive assessment examined the external attack surfaces of 21 leading energy organizations, analyzing nearly 40,000 IP addresses and scanning all 65,535 ports per host. What they discovered paints a troubling picture of persistent risk and dangerous blind spots.
The research identified 58,862 services exposed to the internet across these organizations. Of particular concern is that approximately 7% of these services – nearly 4,000 – were running on non-standard ports that fall outside the scope of traditional security scans. This creates a dangerous visibility gap where vulnerable services can operate undetected.
Key findings from the assessment include:
- 5,756 total vulnerabilities discovered across all organizations
- 377 vulnerabilities actively exploited by known threat actors
- 304 vulnerable services running on non-standard ports
- 43 systemic vulnerabilities present in at least 45% of organizations
- Every organization had IPv6 addresses in use, averaging 107 IPv6 assets per company
The variation in vulnerability exposure was stark. While one organization achieved zero external vulnerabilities, another outlier had 2,875 vulnerabilities – many stemming from outdated Apache web servers running across multiple hosts and ports.
(Managed Services Provider Houston Cybersecurity – Source: SixMap)
How Attackers Exploit These Weaknesses
The vulnerabilities identified in the study create multiple pathways for cybercriminals and nation-state actors to infiltrate energy systems. Traditional attack surface management tools typically scan only the top 1,000 to 5,000 most common ports, leaving thousands of potential entry points unmonitored.
Attackers exploit these gaps through several methods:
- Targeting services running on obscure ports like 21098 and 41094
- Leveraging known vulnerabilities in SSH, HTTP, SMTP, and DNS services
- Exploiting IPv6 assets that remain invisible to traditional scanning tools
- Taking advantage of shadow IT assets unknown to security teams
- Using automated tools to discover and exploit unpatched systems
Among the vulnerabilities the study identified is CVE-2023-38408, a critical SSH vulnerability linked to the North Korean threat group Silent Chollima; it was found in 16 of the 21 companies evaluated.
(8 Services Most Commonly Found to be Vulnerable to Attack – Source: SixMap)
The Threat Actors Behind the Attacks
The research identified several sophisticated threat groups actively exploiting vulnerabilities in the energy sector:
Silent Chollima (North Korea) – A state-sponsored group with activity dating back to 2007, initially focused on espionage but increasingly conducting financially motivated extortion campaigns. They target government, defense, energy, aerospace, NGOs, education, and news media organizations.
ExCobalt (Russia) – A financially motivated cybercriminal group best known for targeting financial institutions and ATM networks through high-level social engineering and malware deployment.
Ethereal Panda (China) – A Chinese state-sponsored APT group involved in cyber-espionage, particularly targeting defense, technology, and government organizations through large-scale intelligence-gathering campaigns.
Ryuk Ransomware Group (Russia) – A notorious, primarily financially motivated ransomware operation that targets large organizations for extortion and became infamous for disrupting hospitals, municipalities, and major companies worldwide.
These groups demonstrate the global nature of threats facing the energy sector, with state-sponsored actors seeking intelligence and financially motivated criminals targeting operational disruption.
(Threat Actor Activity – Source: SixMap)
Who Is at Risk
The cybersecurity vulnerabilities exposed in this groundbreaking study represent a clear and present danger to virtually every segment of America’s energy infrastructure. The findings reveal that no organization – regardless of size, resources, or perceived security posture – is immune to these systemic weaknesses. What makes this threat particularly insidious is how it targets the very foundation of our modern economy and daily life.
The energy sector’s interconnected nature means that a successful cyberattack on one organization can cascade throughout the entire supply chain, potentially causing widespread blackouts, fuel shortages, and economic disruption. The study’s revelation that 43 unique vulnerabilities were present across at least 45% of organizations demonstrates how a coordinated attack could simultaneously compromise multiple critical infrastructure providers.
The research findings have particularly serious implications for Houston’s energy sector businesses:
- Oil and Gas Companies – Major producers and refiners with complex digital infrastructure spanning multiple locations and operational technology systems.
- Power Generation Facilities – Electric utilities and independent power producers managing critical grid infrastructure and generation assets.
- Pipeline Operators – Companies operating the vast network of pipelines that transport energy resources across Texas and beyond.
- Energy Service Providers – Supporting businesses including drilling contractors, engineering firms, and equipment manufacturers.
- Small to Medium Energy Businesses – Companies that may lack the cybersecurity resources of larger enterprises but still face significant threats from automated attacks and opportunistic criminals.
The study’s revelation that 43 unique vulnerabilities were present across at least 45% of organizations suggests systemic risks that could enable widespread, industry-disrupting attacks.
(Vulnerabilities by Severity – S
Remediation Strategies and Security Measures
Traditional cybersecurity approaches have proven inadequate against sophisticated threats targeting critical infrastructure. The research demonstrates that attackers exploit blind spots in legacy security tools, with 377 vulnerabilities actively being exploited in the wild by known threat actors. Organizations must adopt proactive security measures that address their complete digital attack surface, including non-standard ports and IPv6 assets that typically go unmonitored.
Organizations must take immediate action to address these critical vulnerabilities:
- Comprehensive Port Scanning – Implement security tools that scan all 65,535 ports rather than just the top 5,000, ensuring complete visibility into exposed services.
- IPv6 Asset Discovery – Deploy solutions capable of discovering and monitoring IPv6 assets, as every organization in the study had IPv6 addresses in use despite many believing they had none.
- Vulnerability Prioritization – Focus immediately on the 377 vulnerabilities known to be exploited in the wild, as these represent the highest risk for immediate compromise.
- Shadow IT Detection – Implement robust asset discovery processes to identify unknown systems that may be running outdated software with multiple vulnerabilities.
- Regular Security Assessments – Conduct frequent external attack surface assessments to identify new exposures and ensure comprehensive coverage.
- Threat Intelligence Integration – Monitor threat actor activities and tactics to understand how vulnerabilities might be exploited in real-world attacks.
The study emphasizes that CVEs with known exploitation activity should never be present in external attack surfaces and must be prioritized for immediate remediation.
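A sketch of the triage these measures describe, as an added example that is not part of the SixMap study or of any vendor tool: it ranks external scan findings so that known-exploited CVEs come first and flags the services a limited-port, IPv4-only scan would have missed. The findings, the legacy port list, the known-exploited set and the placeholder CVE are constructed assumptions; only CVE-2023-38408 and ports 21098 and 41094 come from the article.

```python
import ipaddress

# Constructed sample findings (not data from the study). Hosts use documentation
# address ranges; "CVE-PLACEHOLDER-1" is a placeholder, not a real identifier.
FINDINGS = [
    {"host": "192.0.2.10", "port": 22, "service": "ssh", "cves": ["CVE-2023-38408"]},
    {"host": "192.0.2.10", "port": 443, "service": "http", "cves": []},
    {"host": "198.51.100.7", "port": 41094, "service": "http", "cves": ["CVE-PLACEHOLDER-1"]},
    {"host": "2001:db8::25", "port": 25, "service": "smtp", "cves": []},
    {"host": "2001:db8::53", "port": 21098, "service": "ssh", "cves": ["CVE-2023-38408"]},
]
# Assumption: stand-in for the port list a legacy scanner is configured with.
LEGACY_PORTS = {21, 22, 25, 53, 80, 110, 143, 443, 3389, 8080}
# Assumption: in practice, load this set from your threat-intelligence feed.
KNOWN_EXPLOITED = {"CVE-2023-38408"}


def triage(findings, legacy_ports=LEGACY_PORTS, known_exploited=KNOWN_EXPLOITED):
    """Rank findings: known-exploited CVEs first, then any CVE, then blind spots."""
    rows = []
    for f in findings:
        exploited = sorted(set(f["cves"]) & known_exploited)
        blind = []
        if f["port"] not in legacy_ports:
            blind.append("port outside legacy scan scope")
        if ipaddress.ip_address(f["host"]).version == 6:
            blind.append("IPv6 asset")
        rank = (bool(exploited), bool(f["cves"]), len(blind))
        rows.append({**f, "exploited": exploited, "blind_spots": blind, "rank": rank})
    # Stable sort: ties keep their original scan order.
    return sorted(rows, key=lambda r: r["rank"], reverse=True)


def missed_by_legacy_scan(rows):
    """Findings that an IPv4-only, limited-port scan would never have reported."""
    return [r for r in rows if r["blind_spots"]]


if __name__ == "__main__":
    for r in triage(FINDINGS):
        flags = "; ".join(r["exploited"] + r["blind_spots"]) or "-"
        print(f"{r['host']:>14} {r['port']:>5} {r['service']:<5} {flags}")
```
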
How CinchOps Can Help Secure Your Business
As a leading managed services provider in Houston, CinchOps understands the critical cybersecurity challenges facing energy sector businesses. Our comprehensive cybersecurity solutions are specifically designed to address the vulnerabilities revealed in this groundbreaking study.
CinchOps provides complete cybersecurity protection through our specialized services:
- Advanced Network Security – CinchOps implements comprehensive monitoring across all ports and protocols, ensuring no vulnerable services go undetected in your infrastructure
- Managed IT Support Near Me – Local Houston cybersecurity professionals who understand the unique challenges facing energy businesses in our region
- 24/7 Security Monitoring – Continuous surveillance of your network infrastructure to detect and respond to threats before they can cause damage
- Vulnerability Management – Regular assessments and immediate remediation of critical vulnerabilities, prioritizing those known to be exploited in the wild
- IPv6 Security – Specialized expertise in discovering and securing IPv6 assets that traditional tools often miss
- Incident Response – Rapid response capabilities to contain and remediate security incidents when they occur
CinchOps serves as your trusted cybersecurity partner, providing the expertise and resources necessary to protect your energy business from the sophisticated threats targeting our industry. Don’t let your organization become another statistic in the growing list of energy sector cyberattack victims.
For Additional Information on this topic: US energy sector unprepared for rising cyber threats, critical blind spots leave systems exposed