On August 15, 2012, a virus infected 30,000 desktops at the world's largest oil
producer, Saudi Aramco, forcing the company to disconnect its IT systems from
the external world and launch a massive exercise to cleanse the infection. The
primary objective of the virus was to erase all data from hard disks and report
the deleted file names to an external control center. The attack was undertaken
by a group calling itself the “Cutting Sword of Justice”, which said in an
ideological post on Pastebin that it was “fed up of crimes and atrocities taking
place in various countries around the world”.

Saudi Aramco is one of the largest petroleum-producing companies and accounts
for a significant portion of the Saudi economy. The hackers chose a Critical
National Infrastructure target which is the largest financial source for the
Al-Saud Regime. A major disruption of Aramco’s oil production networks would
consequently have had a direct impact on global energy supplies and the global
economy. Aramco reported that it had air-gapped its oil production network,
thereby preventing damage to its oil production assets.

In past attacks like Stuxnet, the development of similar malware was primarily
attributed to government-funded units, but in this case the incident seems to
suggest that the virus was developed by a hacktivist outfit. If true, it
indicates a new and disturbing trend, as previous hacktivist methods were
limited to the more mundane denial-of-service attacks or hacking into web sites.
Antimalware products have also once again demonstrated how deficient they are in
defense against custom malware.