Iran Took Systems Offline After Cyber Attack Hit Oil Industry

Multiple Targets Hit During Cyber Attack Targeting Iranian Oil Industry

Iran disconnected computer systems at a number of its oil facilities in response to a cyber attack during the weekend, according to reports.

A source at the National Iranian Oil Company (NIOC) reportedly told Reuters that a virus was detected inside the control systems of Kharg Island oil terminal, which handles the majority of Iran’s crude oil exports. In addition, computer systems at Iran’s Oil Ministry and its national oil company were hit.

Oil Ministry spokesman Ali Reza Nikzad-Rahbar told Mehr News Agency on Monday that the attack had not caused significant damage and the worm had been detected before it could infect systems.

There has been no word on the details of the malware found, but computer systems controlling several of Iran’s oil facilities were disconnected from the Internet as a precaution.

Back in 2010, Iran was discovered to be the main target of the infamous Stuxnet worm, which targeted the country’s uranium enrichment program. The country was also hit by Duqu, believed by many to be related to Stuxnet. Since then, the country has bolstered its cyber defenses, with Iran’s Police Chief Brigadier General Esmayeel Ahmadi Moqaddam stating in February that Iran has developed its cyber army not for offensive goals but for defensive purposes. However, BBC claimed in March that its website had been the victim of a cyber-attack following a campaign of intimidation by Iranian authorities. Though the BBC did not blame Iran for the attack, BBC Director General Mark Thompson called the situation “self-evidently suspicious.”

“Iran’s Revolutionary Guard claims to have created a “hack-proof” network for all sensitive data,” blogged Chester Wisniewski, senior security advisor at Sophos Canada. “I have yet to see a hack-proof network and if they have convinced themselves it’s true, perhaps that is part of the problem…One thing is clear, whether you are an oppressive regime, or simply an average small business, anyone who depends upon the internet will face malware threats and hacking attempts.”

To many in the security industry, the news hardly comes as a surprise. “Attacks on critical infrastructure are more common than many think. Because of a lack of disclosure in these industries many incidents ranging from sabotage and intellectual property theft to extortion go unreported,” Brian Contos, security director & consumer security strategist at McAfee, told SecurityWeek.

“There is a strong expectation that we are going to see more attacks targeting critical infrastructure around the world,” Contos added. “Most organizations within critical infrastructure operate with a mix of legacy and modern equipment leveraging applications and protocols that facilitate both. This duality makes their assets vulnerable to a wider range of attacks than organizations in industries like retail and finance.”

“The real news here is that this type of campaign could clearly have a serious and detrimental impact - both financially and socio-politically,” said Dr. Parveen Jain, president and CEO of RedSeal Networks, who also holds a Ph.D. in Nuclear Engineering. “The reality is that many of the SCADA systems used through industries such as oil, electric and water systems are based on legacy computing technologies that were deployed before concerns of cyber threats were a reality. These systems cannot be ripped and replaced, and won’t be. It’s not feasible. Neither is the idea of removing some of the Internet-based management controls that have put them at greater risk, because they’re much needed tools for smarter management of distributed power systems, etc.”

“The only solution for this problem is for infrastructure providers to do everything that they can to ensure that their systems are protected effectively at all times,” Jain added. “They have to know that the defenses they’ve put in place are indeed functioning properly and that they cannot be easily hacked. As with critical data, or any other mission critical computing systems, the answer is the same in every scenario. Companies, and the industry regulators that oversee them, need to make sure that the security systems that they’ve already invested in are actually effectively working. It’s not about fear-mongering over cataclysmic implications, as big of an attention getter as that may be. It’s about making sure that basic controls are in place, that segmentation is enforced, that policies are enforced, which in itself is hard without automation, given today’s complexity and rate of business-driven change.”
