Saudi Aramco Restores Network After Shamoon Malware Attack

Published: 22/11/2024   Category: security




Hacktivist-launched virus takes out 75% of state-owned oil company's workstations, signals the growing power of attackers with social or political agendas.



Saudi Aramco announced Sunday that it had restored full network access to PCs after a malware attack, launched on Aug. 15, infected approximately 30,000 of the organization's workstations. The company said it had proactively disabled network access for all infected PCs, as well as any remote access to the company's networks, until Saturday, when it completed related clean-up efforts.
A self-described activist group, Cutting Sword of Justice, claimed credit for the attack against Saudi Aramco--the state-owned national oil company of Saudi Arabia, as well as the world's largest exporter of crude oil--before it was launched. Security experts have dubbed the malware used in the attack Shamoon, and said that it can exfiltrate data from infected systems and erase their hard drives.
According to Khalid A. Al-Falih, president and CEO of Saudi Aramco, the company reacted quickly once it spotted the infection. "We addressed the threat immediately, and our precautionary procedures--which have been in place to counter such threats--and our multiple protective systems have helped to mitigate these deplorable cyber threats from spiraling," he said in a statement.
Despite the malware attack having successfully infected 75% of the company's workstations, Al-Falih insisted that the company's exploration, producing, exports, sales, distribution, and financial and human resources systems, including related databases and industrial control systems, hadn't been breached, which he said was due to their having been placed on isolated networks.
But at least one of the company's websites, www.aramco.com--which had been taken offline after the attack--remained offline Monday.
Saudi Aramco has promised to further beef up its security--which is wise, given that a single virus was able to infect so many of its PCs. "We will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack," said Al-Falih.
If Cutting Sword of Justice really is a band of hacktivists--as opposed to an operation sponsored by a country that has a poor relationship with Saudi Arabia, such as Israel--then the Shamoon malware represents a first on the hacktivism front, given that groups such as Anonymous and LulzSec have typically targeted known Web application vulnerabilities or used distributed-denial-of-service (DDoS) attacks. "This is the first significant use of malware in a hacktivist attack," said Imperva's Rob Rachwald, director of security strategy, and Barry Shteiman, a principal security engineer, in a blog post. "In the past ... most hacktivist attacks were primarily application or DDoS attacks."
In addition, the attack highlights how nation states aren't necessarily behind all critical infrastructure or other types of advanced attacks. "In the last couple of years, it became very popular to single out the Chinese, U.S., and Israeli governments for cyber-warfare ... [but] this time it was hacktivists working for a political and social cause," said Rachwald and Shteiman. "A group of hobbyists and hacktivists with several very strong minded developers and hackers achieved results similar to what we have allegedly seen governments accomplish. Does this mean that the power of the hacktivism has become so strong that it can compete with government cyber warfare organizations?"