Viruses that badly affected computer systems at two major oil and gas companies in the Persian Gulf appear to be deliberate attempts at sabotage, but preliminary analysis of the code doesn't point to a state-sponsored attack, said Moscow cybersecurity firm Kaspersky Lab.
Both state-owned Saudi Aramco, the world's biggest oil producer, and Qatar gas
exporter Ras Laffan Liquefied Natural Gas Co., known as RasGas, were hit last
month by a virus believed to be called Shamoon. The companies said their core
operations weren't affected.
"The Shamoon malware is not at a level where nation-state involvement is
the only plausible scenario," Kaspersky senior researcher Roel
Schouwenberg said.
"There are some beginner-level bugs in the code which we wouldn't
typically associate with an elite-level team of state-sponsored
programmers."
According to an analysis by cybersecurity firm Symantec Corp. (SYMC), Shamoon
is a destructive malware that corrupts files on a compromised computer and
overwrites key operational systems in an effort to render a computer unusable.
Saudi Aramco, which has a total staff of about 56,066, saw 30,000 of its
workstations affected by the cyberattack. It was forced to isolate all its
electronic systems from outside access until it restored them and restricted
its remote Internet access.
"This is clearly an act of sabotage," Mr. Schouwenberg said. "We
live in an era where cyberespionage is rampant. Sabotage isn't necessarily too
far removed from that."
Aramco hasn't named the bug, but the time stamp in the Shamoon malware was the
same time listed in the statement on online hacking forum Pastebin about the
attack, said Alex Gostev, Kaspersky's chief security expert.
RasGas said it has shut down part of its computer system since Monday but
didn't give further details on the scale of computers affected by the bug.
A person familiar with the matter told Dow Jones Newswires last week that
RasGas had been hit by the virus called Shamoon. The two firms had nothing to
say about the source of the attack.
A post on Pastebin claimed that a collective called the "Cutting Sword of
Justice" was responsible for the Aramco attack and that Saudi Arabia had been
targeted because of its supposed involvement in "crimes and atrocities taking
place in various countries around the world, especially in the neighbouring
countries such as Syria, Bahrain, Yemen."
Kaspersky Lab's analysts said it wasn't possible to identify the source or
motivation of the attacks or if they could be related.
If they were the start of a new wave of so-called hacktivism, "that would
be an extremely worrisome development," Mr. Schouwenberg said.
It would indicate that such groups had moved from fairly commonplace
distributed denial of service attacks, in which hackers bring down websites by
overwhelming them with requests for page views, to more advanced methods
involving breaching and publishing databases, to damaging sabotage, he said.
Despite Aramco's assurance that its precautionary procedures and multiple
redundant systems left the company's production unharmed, it was difficult to
assess if the firm's claims are credible.
"In theory, corporate networks and industrial control networks are
supposed to be air gapped (physically separated), making it impossible for them
to interact with one another. But in practice, most air gaps are lacking in
implementation, so communications between the two networks are possible,"
Mr. Schouwenberg said.
"Overall, we see many large companies that are not well-equipped to deal
with network worms... We often see productivity chosen over security, but in
this case, we're referring to a critical infrastructure company, so it should
be held to a higher standard," he said.
"The critical question is if the malware managed to get into the
industrial control network," he said.
The most famous example of a virus that did infiltrate an industrial control
network is Stuxnet, which damaged centrifuges at Iranian uranium enrichment
facilities in 2010.
Banque Saudi Fransi (1050.SA), the lender part-owned by France's Credit
Agricole SA (ACA.FR, CRARY), last week was the victim of the Stuxnet cyberweapon,
which affected the company's shared computer disc drives but left its operations
unharmed, a person familiar with the matter said Sunday.
A spokesman for Banque Saudi Fransi declined to comment when contacted by Dow
Jones Newswires.
Both Aramco and RasGas said their oil and gas operations weren't affected by
last month's attacks.
Kaspersky Lab's recent survey of more than 3,300 experts indicates that
cyberthreats are likely to be the number one risk to business within the next
two years.
Meanwhile, some firms in the Gulf have taken extra antihacking measures in the
wake of the recent attacks.
"This is a wakeup call for everyone. Here in Saudi Arabia, for instance, most
large firms have asked their staff to be extra careful before opening any emails
and to report any suspicious correspondence," a Saudi executive said.