Saudi oil company back online after cyber sabotage attempt

Powered by SC Magazine
 

But Saudi Aramco silent on Shamoon.

Saudi Arabia-based oil company Saudi Aramco said it has restored internal network services after about 30,000 workstations were infected earlier this month with an unknown piece of sabotage malware

The incident may be linked to the Shamoon virus, which researchers said has targeted other energy sector companies in the Middle East.

Though Saudi Aramco has yet to confirm whether it was impacted by Shamoon, which is a data-wiping trojan that overwrites computer files to render machines unusable, researchers have reason to believe this may be true – most notably, because Shamoon, also known as Disttrack, was discovered within a week of the Saudi Aramco attacks.

The company announced Sunday that its systems had been “cleaned and restored to service,” and employees resumed normal business operations on Saturday following the observance of the Muslim Eid holidays.

In a statement, Khalid Al-Falih, Aramco's president and CEO, said his company was not alone in being targeted by the virus. “Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems,” he said. “We will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber attack.”

To prepare for such threats, companies should expect the worst, Jeffrey Carr, founder and CEO of Virginia-based security firm Taia Global, told SC on Monday.

“Companies need to assume that they've already been breached,” said Carr, who has been briefed on the Saudi Aramco attack from a source who used to work there. “It's not realistic that they can stop an attacker from getting in, especially if it's a multinational corporation with operations in more than one country.”

Carr advised companies to segregate their most critical data from other files on the network.

“You can monitor internally who has access to files and how it was accessed," he said. "You can't do that when you have millions and millions of files on your network, but you can do it for the critical ones.”

Several groups have claimed responsibility for the attack on Aramco, including The Cutting Sword Justice, Arab Youth Group and “angry internet lovers. All have posted documents on Pastebin, a website where users can store text online. Some of the posted materials include IP addresses from the hacked servers and internet service router passwords.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Saudi oil company back online after cyber sabotage attempt
 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 815

Vote