SecurityWeek

Incident Response

Insiders Suspected in Aramco Attack

Reuters reports that sources close to the investigation into the Aramco attack say insiders were partly responsible. In August, Aramco, Saudi Arabia’s national oil company – and the world’s largest oil producer – had to contend with a malware outbreak that hit 30,000 systems in a single go.


According to Reuters’ Jim Finkle, insiders with high-level access to Aramco’s network helped attackers target the organization. The story cites sources familiar with the company’s ongoing investigation, who said the attack was made possible by, “someone who had inside knowledge and inside privileges within the company.”


The early August attack drew attention because the malware appeared to have been created solely for this campaign. The Aramco incident has been described as the largest malware-based attack on a single organization in history. The malware used in the attack, Shamoon, is highly destructive and hard to get rid of. It took Aramco two weeks to recover.

In a statement shortly after the cleanup, the company said, “…oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected…,” by the attack, but that they were forced to take down their network to prevent the malware from spreading further.

Reuters’ exclusive is here. Additional information on Shamoon is available from Kaspersky and Symantec.

Todd Lewellen, an information systems security analyst for the CERT Insider Threat Center wrote an interesting post today on the subject of insider threats.

“No industry sector is exempt from experiencing damage at the hands of malicious insiders,” Lewellen wrote. “Regardless of the sector your organization operates within, it is important that you protect it from damaging attacks that may come from your own employees.”

CERT also recently released its CERT Guide to Insider Threats, a book that includes several examples of insider threat cases and analyses from over 10 years of insider threat research. That can be found here.


Symantec also published an interesting report on the psychology of the insider threat back in December 2011. The report, “Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall,” examined insider breaches to get a sense of not only how insiders steal data, but who does it and why. More on that can be found here.  
