Cybersecurity specialists reported this week that hackers managed to get access to a large amount of data from Saudi oil giant Aramco, reports OilPrice.
Not just demand-supply issues
As the global oil and gas markets are recovering from the steep sell-off last Monday, threats in the market are not just linked to demand-supply concerns.
Data theft
Cybersecurity specialists reported this week that hackers managed to get access to a large amount of data from Saudi oil giant Aramco.
The company has confirmed that around 1TB of (confidential) data was stolen from its servers. According to AP sources, the data has been put on offer on the darknet for a price of $50 million.
Who is behind the data theft?
It is at present still unknown who is behind the data theft, but some are also worried about the fact that no additional information is being given by the parties involved.
The world’s largest listed oil company Aramco has been targeted by cyberattacks on a regular basis, such as the well-known Iran-instigated Shamoon virus attacks. This most recent attack on Aramco, shows that there remains a lot of work to be done to protect the oil giant against future data breaches, ransomware attacks, and industrial espionage.
Data breach
The Aramco data breach shows again the threat to energy supply comes not just from drone and missile attacks, but also from cyberattacks.
The Shamoon attack
Since the Shamoon attack, which brought a large part of the Saudi giant to a standstill, major cybersecurity programs have been proposed and implemented by the Saudis. However, even a trillion-dollar company seems to be unable to fully protect its digital infrastructure.
1TB data breach
For financial stakeholders, the current situation is of course of interest. Saudi Aramco is implementing a major company restructuring strategy, focusing on mid-and downstream assets.
The 1TB data breach is linked according to sources especially to downstream assets and operations.
Access to server and information displayed
Sources are stating that “Zero-day exploitation” has been used to get access to servers. The data is now being offered by a threat actor group known as ZeroX . In statements made by ZeroX, the 1TB of data has been stolen in 2020 by hacking Aramco’s “network and its servers”.
Some other info shown includes:
- Full information on 14,254 employees: name, photo, passport copy, email, phone number, residence permit (Iqama card) number, job title, ID numbers, family information, etc.
- Project specification for systems related to/including electrical/power, architectural, engineering, civil, construction management, environmental, machinery, vessels, telecom, etc.
- Internal analysis reports, agreements, letters, pricing sheets, etc.
- Network layout mapping out the IP addresses, Scada points, Wi-Fi access points, IP cameras, and IoT devices.
- Location map and precise coordinates.
- List of Aramco’s clients, along with invoices and contracts.
Payment through Cryptocurrency
BleepingComputer reports that samples released by ZeroX on the leak site have personally identifiable information (PII) redacted, and a 1 GB sample alone costs US$2,000, paid through the cryptocurrency Monero (XMR).
Not a ransomware attack
All parties, including ZeroX and Aramco, have reiterated that the incident is not a ransomware attack. Aramco has repeated that the breach happened at third-party contractors and that Aramco’s systems were not directly involved. A company spokesman repeated that the company continues to maintain a robust cybersecurity posture. Looking at the 2012 Shamoon attack, which destroyed 30,000 computer hard drives of Aramco, the current breach is less dangerous.
Cyber-related attacks
Still, when looking at recent global ransomware and other cyber-related attacks, such as the Colonial Pipeline or European supermarkets, the threat to Aramco, and possibly other Arab national oil companies is real.
Some also have stated that the ZeroX attack is a first of maybe a list of upcoming cyber attacks on Aramco. Even though the current data breach was executed through third-party contractors, it shows that hackers managed to find loopholes in the cybersecurity systems of oil and gas companies.
It’s Free! Click here to Subscribe!
Source: OilPrice
