Saturday, September 1, 2012
The Saudi Aramco cyber attack points to new arsenal in a Hacktivists armoury
On August 15, 2012 a virus infected 30,000 desktops of the world largest oil producer Saudi Aramco, forcing disconnection of its IT systems from the external world, and the launch of a massive exercise to cleanse the infection. The primary objective of the virus was to erase all data from hard disks and report the deleted file names to an external control center. The attack was undertaken by a group calling itself the “Cutting Sword of Justice” which said in an ideological post on Pastebin, that it was “fed up of crimes and atrocities taking place in various countries around the world”.
Saudi Aramco is one of the largest petroleum producing companies and accounts for a significant portion of the Saudi economy. The hackers chose a Critical National Infrastructure target which is the largest financial source for the Al-Saud Regime. A major disruption of Aramco’s oil production networks would consequently have had a direct impact on global energy supplies and the global economy. Aramco reported that it had air gapped its oil production network thereby preventing damage to its oil production assets.
In past attacks like Stuxnet, the development of similar malware was primarily attributed to government funded units, but in this case the incident seems to suggest that the virus was developed by a hacktivist outfit. If true, it indicates a new and disturbing trend as previous Hacktivist methods were limited to the more mundane denial of service attacks or hacking into web sites.
Antimalware products have also once again demonstrated how deficient they are in defense against custom malware.