Friday, August 17, 2012

Saudi Aramco Network Hit With Cyber-Attack

Apparently they shut down the network:
Saudi Aramco, Saudi Arabia’s national oil company and the largest in the world, has confirmed that is has been hit by a cyber attack that resulted in malware infecting user workstations, but did not affect other parts of its network.

“On Wednesday, Aug. 15, 2012, an official at Saudi Aramco confirmed that the company has isolated all its electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption that affected some of the sectors of its electronic network,” the company wrote in a statement.

“The disruption was suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network.”

The company did not comment on the vector of attack or who may behind it, but insists its core operations have not been impacted as a result of the security breach.
Word is that this was due to the Disttrack malware that was only discovered yesterday:
Malware being used in a new series of targeted attacks has bucked the trend, choosing to destroy the computers it infects rather than just stealing sensitive information, security researchers said.

Called "Disttrack", the malware corrupts files, overwrites the infected machine's master boot record, and destroys the data so that it can't be recovered, according to reports from Symantec Security Response, Kaspersky Lab's Global Research and Analysis Team, and McAfee on Thursday. Disttrack has been observed in the Shamoon attacks, which has already affected at least one organization in the energy sector, Symantec said, but the company declined to provide any other details about the affected organization(s).
Given the unusual destructiveness of the malware, one can't help suspecting an Iranian or Syrian revenge operation - but no evidence one way or another at present.  Anyway, pretty interesting to have the world's largest oil company victim of a major cyberterrorism incident.

4 comments:

Susan Kraemer said...

Are you kidding? Two energy companies disrupted, one being THE largest oil company in the world, and the only enemy you can think of is the Iranians. My immediate thought was this was like an Occupy Wall Street protest, but for climate.

Interestingly, President Obama has been trying desperately to get cyber security measures -specially pertaining to key infrastructure like energy - passed, and Republicans have been preventing it - with the most recent filibustered vote on August 3.

Since the Saudis/big oil generally fund Fox, and hence Republicans, it almost seems fitting from that point of view too.

Greg said...

OK, so we are, after all, living in a B-grade techno-thriller.

One which has as background: flash crashes in the stock market, an increasingly unstable climate, flying killer 'robots', and ongoing corporate and inter-state cyberwar.

Hmm. Not sure I like this kind of story.

Stuart Staniford said...

Susan - maybe, but it seems more likely that western climate vigilantes would attack Exxon or one of the other IOCs.

Stuart Staniford said...

Greg: LOL