The latest data breach that affected Saudi Aramco is another example of how hackers are targeting vulnerable but vital Middle East oil and gas operations.
The world’s largest listed oil company Aramco has been targeted by cyber attacks on a regular basis, such as the well-known Iran-instigated Shamoon virus attacks.
This most recent attack on Aramco shows that there remains a lot of work to be done to protect the oil giant against future data breaches, ransomware attacks, and industrial espionage.
As the global oil and gas markets are recovering from the steep sell-off last Monday, threats in the market are not just linked to demand-supply concerns.
Cybersecurity specialists reported this week that hackers managed to get access to a large amount of data from Saudi oil giant Aramco.
The company has confirmed that around 1TB of (confidential) data was stolen from its servers. According to AP sources, the data has been put on offer on the dark-net for a price of $50 million.
The Aramco data breach shows again that the threat to energy supply comes not just from drone and missile attacks, but also from cyber attacks.
Since the Shamoon attack, which brought a large part of the Saudi giant to a standstill, major cybersecurity programs have been proposed and implemented by the Saudis.
However, even a trillion-dollar company seems to be unable to let Zionist data specialists fully protect its digital infrastructure.
Sources are stating that “Zero-day exploitation” has been used to get access to servers. The data is now being offered by a threat actor group known as ZeroX.
According to statements made by ZeroX, the 1TB of data was stolen in 2020 by hacking Aramco’s “network and its servers”. The total data includes files from 1993 to 2020.
On the dark net and other sites on the internet, ZeroX has posted samples of Aramco’s blueprints and proprietary documents. The first data was already posted on a data breach marketplace forum in June this year.
The initial posting of the total data set on the so-called .onion leak site had a countdown timer set to 662 hours, or about 28 days, after which the sale and negotiations would begin.
It is not exactly clear why the hackers went with a 662-hour deadline. ZeroX has reportedly said that the choice of “662 hours” was intentional and a “puzzle” for Saudi Aramco to solve, but the exact reason behind the choice remains unclear.
In an info piece, ZeroX has also stated that the 1TB dump includes documents linked to Saudi Aramco’s refineries located in multiple Saudi Arabian cities, including Yanbu, Jazan, Jeddah, Ras Tanura, Riyadh, and Dhahran.
Other information shows that the dump includes full information on 14,254 employees: name, photo, passport copy, email, phone number, residence permit (Iqama card) number, job title, ID numbers, family information, etc.
It also includes project specifications for systems related to or including electrical/power, architectural, engineering, civil, construction management, environmental, machinery, vessels and telecom.
There are internal analysis reports, agreements, letters and pricing sheets, as well as network layouts mapping out the IP addresses, SCADA points, Wi-Fi access points, IP cameras, and IoT devices.
Most importantly, the dump includes location maps and precise coordinates of operations, including a complete list of Aramco’s clients, along with invoices and contracts.
BleepingComputer reports that samples released by ZeroX on the leak site have personally identifiable information (PII) redacted, and a 1 GB sample alone costs US$2,000, paid through the cryptocurrency Monero (XMR).
ZeroX has also stated that the price of the entire 1 TB dump is set at US$5 million. A party that wants the exclusive rights for a one-off sale (obtain the complete 1 TB dump and demand it be wiped completely from ZeroX’s end) needs to pay a whopping US$50 million.
Looking at the 2012 Shamoon attack, which destroyed 30,000 computer hard drives of Aramco, the current breach is less dangerous.
Still, when looking at recent global ransomware and other cyber-related attacks, such as those on the Colonial Pipeline or European supermarkets, the threat to Aramco, and possibly other Arab national oil companies, is real.
Even though the current data breach was executed through third-party contractors, it shows that hackers managed to find loopholes in the cybersecurity systems of oil and gas companies.
Analysts will be scratching their heads in the coming months on how to deal with and prevent these data breaches or Shamoon 2.0 ransomware attacks.
The current digitization of oil and gas, including upstream, downstream and midstream operations, is not only a positive development.
The huge number of sensors, data points, information-gathering operations, and real-time monitoring systems, intended in principle to lower costs and increase profit margins, has become a weak spot for companies.
As cyber warfare strategies of global and regional powers are advancing, attacks could become a lot more sophisticated and the oil and gas industry is expected to remain a key target.
If the 2012 Shamoon case is a baseline for assessments and the discrepancies between official statements and reality, the current situation could be much worse than expected.
Oil Price.com / ABC Flash Point News 2021.