The energy industry is under attack: Saudi Aramco announced it has seen an increase in attempted cyber attacks since the final quarter of 2019. The data is alarming, even though the petroleum giant confirmed that it has successfully countered them.
“Overall there is definitely an increase in the attempts of (cyber) attacks, and we are very successful in preventing these attacks at the earliest stage possible,” Khalid al-Harbi, Saudi Aramco chief information security officer, told Reuters in a telephone interview.
“The pattern of the (cyber) attacks is cyclical, and we are seeing that the magnitude is increasing, I would suspect that this will continue to be a trend.”
Al-Harbi expressed concern about the growing trend and the increasing magnitude of the attacks. Saudi Arabia’s energy sector has been the target of several cyber attacks in the past.
In December 2016, security experts observed a new wave of attacks leveraging the Shamoon malware. Malware experts from Palo Alto Networks and Symantec both reported an attack on a single Saudi company.
The new variant of Shamoon, known as Shamoon 2, can overwrite the MBR on affected computers with an image of a three-year-old Syrian boy named Alan Kurdi who lay dead on a Turkish beach.
“Why Shamoon has suddenly returned again after four years is unknown. However, with its highly destructive payload, it is clear that the attackers want their targets to sit up and take notice,” reported Symantec.
In January 2017, researchers at Palo Alto Networks discovered a new strain of the Shamoon 2 malware that was targeting virtualization products.
The researchers at IBM’s X-Force Incident Response and Intelligence Services (IRIS) believe
The malware experts identified servers used to deliver Shamoon; they broke into the server used by the attackers and gathered more information to study the threat and its attack chain.
In December 2017, security firms FireEye and Dragos reported the discovery of a new strain of malware dubbed Triton (aka Trisis) specifically designed to target industrial control systems (ICS).
Neither FireEye nor Dragos would attribute the Triton malware to a specific threat actor; they revealed only that it had been used in attacks aimed at an unnamed critical infrastructure organization and caused a shutdown at a critical infrastructure organization somewhere in the Middle East.
Experts at CyberX who analyzed samples of the malware provided further details on the attack, revealing that Triton was likely developed by Iran and used to target an organization in Saudi Arabia.
Saudi Aramco is one of the most important oil suppliers worldwide, its p
Harbi also revealed that Saudi Aramco p
(SecurityAffairs – Saudi Aramco, Saudi Arabia)