(Translated from the original Italian)
Last week it was reported that a serious cyber attack against the one of the world's largest energy companies, the Saudi Aramco, was committed by a group named the Arab Youth Group, who claimed responsibility for the event.
The group posted a message on PasteBin, declaring that the attack has been carried out to protest against Saudi government and its policy of support to Israel and the United States.
I decide to write on the attacks because they represent a case study for the impact that a cyber attack could have on private companies.
What is also interesting is the total anonymity on the real authors of the event. No one knows the identity of the hacker group, and they could be competitors or state sponsored hackers.
It's hard to determine attribution, and what is curious is the association with another strange event I described in a past post, the discovery of the Shamoon malware that has been used to attack other companies in the energy sector.
When discussed Shamoon, we raised several doubts on its origin and on its intended targets. Symantec experts announced the possibility of specific targeted attacks against at least one organization in the energy sector which has not been identified so far.
Coming back to that attack to Aramco, the company declared that its network was destroyed by a virus that infected machines at the company.
In an official announcement the company declared:
"The company has isolated all its electronic systems from outside access as an early precautionary measure... The disruption was suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network."
The company also declared that no vital systems for production have been affected, but it's clear how dangerous similar attacks could be for a private businesses.
In many circumstances, we have spoken of cyber operations that in a cyber warfare scenario could hit private businesses that represent a critical component for a country. In my opinion, Saudi Aramco is one such company.
The company has released the usual message to return to normal and to reassure the press, but in reality, in these cases there are serious consequences that could harm human lives.
(click image to enlarge)
"The company employs a series of precautionary procedures and multiple redundant systems within its advanced and complex system that are used to protect its operational and database systems..."
Who owns the company?
The energy company is fully owned by the Saudi Arabian government which is known to have several "enemies" for political and economic reasons.
While Aramco has provided some info regarding the status of infected systems, it has not provided any updates on the cyber attack. A few days ago the company announced in a statement to Bloomberg News that the infected systems were isolated:
“The network that runs the company’s major operations is safe and there are no effects whatsoever on production operations...”
Incidents like this are bound to increase, as attacks by political groups and governments are occurring with increasing frequency, and it is a miracle that so far there has been no loss of life. But in the near future, every company and agency will need to prepare for such events in order to avoid catastrophic consequences.
Cross-posted from Security Affairs