Aramco Says Cyberattack Was Aimed at Production
JEDDAH, Saudi Arabia (Reuters) — Saudi Arabia’s
national oil company, Aramco, said on Sunday that a cyber-attack against it in
August that damaged some 30,000 computers was aimed at stopping oil and gas
production in Saudi Arabia, the biggest exporter in the Organization of the
Petroleum Exporting Countries.
The attack on Saudi Aramco — which supplies a
tenth of the world’s oil — failed to disrupt production, but was one of the
most destructive hacker strikes against a single business.
“The main target in this attack was to stop the
flow of oil and gas to local and international markets and thank God they were
not able to achieve their goals,” Abdullah al-Saadan, Aramco’s vice president
for corporate planning, said on Al Ekhbariya television. It was Aramco’s first
comments on the apparent aim of the attack.
Hackers from a group called Cutting Sword of
Justice claimed responsibility for the attack, saying that their motives were
political and that the virus gave them access to documents from Aramco’s
computers, which they threatened to release. No documents have yet been
published.
Aramco and the Saudi Interior Ministry are
investigating the attack. A ministry spokesman, Maj. Gen. Mansour al-Turki,
said the attackers were an organized group operating from countries on four
continents.
The attack used a computer virus known as
Shamoon, which infected workstations on Aug. 15. The company shut its main
internal network for more than a week. General Turki said the investigation had
not shown any involvement by Aramco employees. He said he could not give more
details because the investigation was not complete.
Shamoon spread through Aramco’s network and
wiped computers’ hard drives clean. Aramco said damage was limited to office
computers and did not affect systems software that might harm technical
operations.
Resource:
http://www.nytimes.com/2012/12/10/business/global/saudi-aramco-says-hackers-took-aim-at-its-4production.html?_r=0
------------------------------------------------------------------
What are the things that Aramco should do to prevent such attacks?
Generic decryption - because this technology has an impact on encrypted viruses. It also helps antivirus software scan for and detect many complex polymorphic viruses and other malware at high speed. In this case the method used was a virus-based attack, so using generic decryption will help Aramco protect its office computers against many viruses, even encrypted ones. That means the data (which was the target in this case) inside the computers will also be protected from any viruses sent by hackers. (Razan)
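Added here as a worked illustration of the technique named in the item above (this is not code from the original post, from Aramco, or from any antivirus product). Generic decryption, as the technique is usually described, pairs a CPU emulator with a signature scanner and an emulation-control module: the scanner lets a suspect file run inside the emulator until its decryptor loop has finished, then looks for the signature in the emulated memory, where the body is now in the clear. Everything below is constructed for the demo: the bytecode and opcode names, the sample's signature and body, and the XOR "encryption". A real engine emulates x86 and has far more elaborate controls, but the structure is the same.

```python
"""Toy generic-decryption scanner: CPU emulator + signature scanner + emulation control.

Added illustration, not Aramco's or any antivirus vendor's code. The "virus" is a
constructed sample: a decryptor stub in a made-up bytecode followed by a body that is
XOR-encrypted under a per-sample key, so the body's signature is not visible on disk.
"""

SIGNATURE = b"TOY-WIPER-PAYLOAD"                              # constructed signature
BODY = b"<<" + SIGNATURE + b">>overwrite disk and reboot"     # constructed plaintext body

# Made-up opcodes: LOADI r,imm | XORMEM rAddr,rKey | INC r | CMPJNE rA,rB,target | HALT
LOADI, XORMEM, INC, CMPJNE, HALT = 0x01, 0x02, 0x03, 0x04, 0xFF
STUB_LEN = 19


def build_sample(key: int) -> bytes:
    """Emit decryptor stub + encrypted body. Each key yields a different byte pattern."""
    assert 0 <= key < 256 and STUB_LEN + len(BODY) < 256, "toy machine is 8-bit"
    start, end = STUB_LEN, STUB_LEN + len(BODY)
    stub = bytes([
        LOADI, 0, start,      # r0 = pointer to first body byte
        LOADI, 1, end,        # r1 = one past the last body byte
        LOADI, 2, key,        # r2 = key
        XORMEM, 0, 2,         # loop (offset 9): mem[r0] ^= r2
        INC, 0,               # r0 += 1
        CMPJNE, 0, 1, 9,      # if r0 != r1: goto loop
        HALT,                 # real malware would now jump into the decrypted body
    ])
    assert len(stub) == STUB_LEN
    return stub + bytes(b ^ key for b in BODY)


def emulate(sample: bytes, max_steps: int = 10_000) -> bytearray:
    """Run the sample on a sandboxed toy CPU and return its memory image.
    The step budget is the 'emulation control' part: data that is not code halts
    at once, a decryptor loop runs to completion, a runaway sample is cut off."""
    mem, regs, pc = bytearray(sample), [0, 0, 0, 0], 0
    for _ in range(max_steps):
        try:
            op = mem[pc]
            if op == LOADI:
                regs[mem[pc + 1] & 3] = mem[pc + 2]; pc += 3
            elif op == XORMEM:
                mem[regs[mem[pc + 1] & 3]] ^= regs[mem[pc + 2] & 3]; pc += 3
            elif op == INC:
                r = mem[pc + 1] & 3; regs[r] = (regs[r] + 1) & 0xFF; pc += 2
            elif op == CMPJNE:
                a, b, target = mem[pc + 1] & 3, mem[pc + 2] & 3, mem[pc + 3]
                pc = target if regs[a] != regs[b] else pc + 4
            else:
                break               # HALT, or a byte that is not code
        except IndexError:
            break                   # ran off the end of memory
    return mem


def static_scan(sample: bytes) -> bool:
    """Plain signature scan over the bytes as stored on disk."""
    return SIGNATURE in sample


def generic_decryption_scan(sample: bytes) -> bool:
    """Signature scan over memory *after* letting the sample decrypt itself."""
    return SIGNATURE in emulate(sample)
```

build_sample(0x5A) and build_sample(0xC3) are two variants of the same toy virus whose encrypted bodies differ at every byte; static_scan misses both, generic_decryption_scan catches both, and ordinary text that is not code halts the emulator on its first byte, which is why the step budget matters for scan speed.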
Intrusion Prevention System (IPS) - because this system will protect Aramco's network by detecting and preventing any malicious activity from entering it. In the Aramco case, the virus spread to the computers over the network, so with an IPS in place any future attack on Aramco will be detected, stopped and reported by the IPS. (Razan)
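As an added example of the kind of rule an inline IPS would apply to the network-propagation behaviour mentioned above (not Aramco's configuration and not any vendor's signature): a per-source sliding window that counts distinct SMB peers and blocks the source once it fans out to too many hosts too quickly. The log format, addresses, timestamps, window size and threshold are all constructed assumptions for the demo.

```python
"""Fan-out (worm propagation) detector of the kind an IPS would run inline.

Added illustration, not Aramco's or any vendor's code. The log lines below are
constructed: one record per new connection, in a made-up format.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse(line: str):
    m = LINE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])


class FanOutDetector:
    """Block a source that opens SMB connections to too many distinct hosts in a short window."""

    def __init__(self, window_s: int = 60, threshold: int = 8, ports=(139, 445)):
        self.window = timedelta(seconds=window_s)   # assumed window
        self.threshold = threshold                  # assumed distinct-peer threshold
        self.ports = set(ports)
        self.recent = defaultdict(deque)            # src -> (timestamp, dst) inside the window
        self.blocked = set()

    def feed(self, line: str):
        """Return ("block", src) the moment the threshold is crossed, ("drop", src) for
        every later connection from a blocked host, None for traffic allowed through."""
        rec = parse(line)
        if rec is None:
            return None
        ts, src, dst, dport = rec
        if src in self.blocked:
            return ("drop", src)
        if dport not in self.ports:
            return None
        q = self.recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > self.window:     # slide the window forward
            q.popleft()
        if len({d for _, d in q}) >= self.threshold:
            self.blocked.add(src)
            return ("block", src)
        return None


def run(lines):
    """Feed a log through the detector and summarise what it would have done."""
    det = FanOutDetector()
    summary = {"alerts": [], "dropped": 0}
    for line in lines:
        ev = det.feed(line)
        if ev and ev[0] == "block":
            summary["alerts"].append(ev[1])
        elif ev and ev[0] == "drop":
            summary["dropped"] += 1
    summary["blocked"] = det.blocked
    return summary


def _log(src, dsts, start, step_s, dport=445):
    """Constructed log lines: one connection every step_s seconds from src to each dst."""
    return [f"{(start + timedelta(seconds=i * step_s)).isoformat()} src={src} dst={d} dport={dport}"
            for i, d in enumerate(dsts)]


T0 = datetime(2012, 8, 15, 10, 0, 0)
SAMPLE_LOG = (
    _log("10.1.4.10", ["10.1.4.51", "10.1.4.52", "10.1.4.51"], T0, 5)        # normal file-server use
    + _log("10.1.4.23", [f"10.1.4.{n}" for n in range(100, 120)], T0, 2)     # worm-like fan-out
    + _log("10.1.4.77", [f"10.1.4.{n}" for n in range(100, 120)], T0, 90)    # same peers, but slowly
)
```

run(SAMPLE_LOG) blocks 10.1.4.23 on its eighth distinct peer within a minute and drops its remaining twelve connections, while the host that reaches the same twenty peers ninety seconds apart never crosses the threshold. The window and threshold would be tuned against a site's normal file-server traffic, and the rule run in alert-only mode first, before it is allowed to block.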
Backup - As a countermeasure, Aramco must ensure that the systems that store sensitive information are automatically backed up more than once a week, in order to restore the systems as rapidly as possible and avoid the loss of availability that actually happened when Aramco shut its main internal network down for more than a week. For more security assurance, the backup copies must be protected using encryption and physical protection. (Norah)
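Added as a worked example of the backup countermeasure above (this is not Aramco's procedure and not code from the original post): automated archive creation with a SHA-256 manifest, a test restore that compares every restored file against that manifest, and a freshness check against the policy. Assumptions: a maximum backup age of 3 days as one concrete reading of "more than once a week"; encryption at rest and physically separate storage are left to the backup tool or storage layer and are not implemented here; the directory layout and file contents are constructed for the demo.

```python
"""Automated backup with a hash manifest, test restore and freshness check.

Added illustration, not Aramco's backup procedure. Assumptions: the policy requires a
copy no older than 3 days; encryption at rest and off-network storage are provided by
the backup tool or storage layer, not by this script; paths and contents are constructed.
"""
import hashlib
import json
import shutil
import tarfile
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

MAX_BACKUP_AGE = timedelta(days=3)     # policy assumption, see module docstring
STAMP = "%Y%m%dT%H%M%S"


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def manifest_path(archive: Path) -> Path:
    return archive.with_name(archive.stem + ".manifest.json")


def make_backup(src: Path, dest: Path, now: datetime) -> Path:
    """Archive every file under src and write a manifest of their SHA-256 digests."""
    archive = dest / f"backup-{now.strftime(STAMP)}.tar"
    manifest = {}
    with tarfile.open(archive, "w") as tar:
        for f in sorted(p for p in src.rglob("*") if p.is_file()):
            rel = f.relative_to(src).as_posix()
            tar.add(f, arcname=rel)
            manifest[rel] = sha256(f)
    manifest_path(archive).write_text(json.dumps(manifest, indent=1))
    return archive


def verify_restore(archive: Path) -> bool:
    """Test-restore into a scratch directory and compare every file with the manifest.
    A backup that has never been restored is not known to be a backup."""
    expected = json.loads(manifest_path(archive).read_text())
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive) as tar:
                try:
                    tar.extractall(scratch, filter="data")   # Python 3.12+: refuse traversal/devices
                except TypeError:
                    tar.extractall(scratch)                  # older interpreters have no filter arg
        except (tarfile.TarError, OSError):
            return False
        restored = {p.relative_to(scratch).as_posix(): sha256(p)
                    for p in Path(scratch).rglob("*") if p.is_file()}
    return restored == expected


def latest_backup_age(dest: Path, now: datetime):
    stamps = [datetime.strptime(p.stem.split("-", 1)[1], STAMP) for p in dest.glob("backup-*.tar")]
    return now - max(stamps) if stamps else None


def backup_policy_ok(dest: Path, now: datetime) -> bool:
    age = latest_backup_age(dest, now)
    return age is not None and age <= MAX_BACKUP_AGE


def demo() -> dict:
    """Constructed file server, one backup, one tampered copy, two policy checks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, dest = root / "fileserver", root / "backups"
        (src / "reports").mkdir(parents=True)
        dest.mkdir()
        (src / "reports" / "q3.txt").write_text("CONFIDENTIAL REPORT: export volumes\n")
        (src / "config.ini").write_text("[db]\nhost=10.0.0.5\n")

        t0 = datetime(2012, 8, 1, 2, 0)
        archive = make_backup(src, dest, t0)
        intact = verify_restore(archive)

        # A corrupted or tampered archive: overwrite part of one file body inside the tar.
        bad = dest / "tampered.tar"
        bad.write_bytes(archive.read_bytes().replace(b"CONFIDENTIAL", b"XXXXXXXXXXXX"))
        shutil.copy(manifest_path(archive), manifest_path(bad))
        tampered = verify_restore(bad)

        return {
            "intact_restores": intact,
            "tamper_detected": not tampered,
            "policy_ok_after_2_days": backup_policy_ok(dest, t0 + timedelta(days=2)),
            "policy_ok_after_5_days": backup_policy_ok(dest, t0 + timedelta(days=5)),
        }
```

demo() shows a clean archive passing the test restore, a copy with twelve bytes overwritten inside the tar failing it, and the freshness check passing two days after the backup but failing at five. In production the manifest would be stored separately from the archive (an attacker who can wipe the archive can also rewrite a manifest kept next to it), and the scheduled job would page someone when either check fails.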
Ethical hacking + Proxy - Aramco has to conduct effective ethical hacking sessions periodically to identify internal vulnerabilities that an attacker could use to exploit the network successfully and then obtain sensitive and confidential documents that Aramco is not willing to see on Google. Aramco must also prevent direct connections to the Internet and make all network connections go through a proxy that contains all the information assigned to it, in order to reduce the chance of viruses like Shamoon coming in from the Internet. (Norah)
Vaccine software - Aramco must not only install antivirus software to protect against viruses, but also keep it up to date. With the latest virus scanning engine and virus definition files, new viruses can be detected day by day; even though they might look the same as existing viruses, they may in fact be subspecies of a specific virus. (Kindah)
Company policy - should include and state that employees must never open any files or macros attached to an e-mail from an unknown, suspicious, or untrustworthy source, and must never open any files or macros attached to an e-mail from a known source (even a coworker) if they were not expecting a specific attachment from that source. (Kindah)