Middle East Oil Companies Defend against Malware Attacks
In April 2012, Iran’s main oil ministry was hit by a complex cyberattack that affected the websites of subsidiary organizations and its entire communications systems. Now, four short months later, news has broken that Aramco, the state-owned national oil company of Saudi Arabia, has suffered an attack as well.
Aramco’s website was back online about a week after the attack, and Khalid A. Al-Falih, Aramco’s president and CEO, confirmed that they have restored the networks of approximately 30,000 infected workstations. He pointed out that, although this attack affected 75 percent of the company’s computers, there was never any breach or halt of production, exploration, or financial resources.
One thing that makes the attack against Saudi Arabia unique is that it’s believed to have been carried out by a previously lesser-known hacktivist group, Cutting Sword of Justice. Hacktivists in the past have primarily carried out DDoS attacks that simply tried to take websites offline. But in this instance, the malware, dubbed “Shamoon” by security experts, was designed not only to erase hard drives but also to render them useless in the future.
The Shamoon malware was very similar to the Flame and Stuxnet weapons used against Iran, although many believe those attacks came directly from the US and Israeli governments to sabotage Iran’s nuclear operations. Neither country has confirmed or denied involvement, although unnamed sources from the US have admitted to being behind the operation.
Addressing the potential fears of investors, Saudi Aramco’s Al-Falih said, “We will ensure that we will further reinforce our systems with all available means to protect against a future recurrence of this type of cyberattack.” Iran is taking online security in a completely different direction by beginning the controversial creation of a domestic intranet system. Starting in September, Iran will be taking all ministries and state websites offline in an attempt to protect the country from “one or two specific countries”—presumably the US and Israel.
Earlier this summer, banks in Lebanon fell victim to the Gauss malware threat, designed to steal large amounts of financial data. Gauss, Flame, Stuxnet, and Duqu have all sprung up in 2012, predominantly infecting computers in the Middle East.