Insiders Suspected in Aramco Attack

Reuters reports that, according to sources close to the investigation into the Aramco attack, insiders are partly responsible. In August, Aramco, Saudi Arabia’s national oil company – and the world’s largest oil producer – had to contend with a malware outbreak that hit 30,000 systems in a single go.


According to Reuters’ Jim Finkle, insiders with high-level access to Aramco’s network helped attackers target the organization. The story cites sources familiar with the company’s ongoing investigation, who said the attack was made possible by “someone who had inside knowledge and inside privileges within the company.”


The early August attack gained traction because the malware itself appeared to be created solely for this campaign. It’s been said that the Aramco incident represents the largest malware-based attack on a single organization in history. The malware used in the attack, Shamoon, is highly destructive and hard to get rid of. It took Aramco two weeks to recover. 

In a statement shortly after the cleanup, the company said, “…oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected…,” by the attack, but that they were forced to take down their network to prevent the malware from spreading further.

Reuters’ exclusive is here. Additional information on Shamoon is available from Kaspersky and Symantec.

Todd Lewellen, an information systems security analyst for the CERT Insider Threat Center, wrote an interesting post today on the subject of insider threats.

“No industry sector is exempt from experiencing damage at the hands of malicious insiders,” Lewellen wrote. “Regardless of the sector your organization operates within, it is important that you protect it from damaging attacks that may come from your own employees.”

CERT also recently released its CERT Guide to Insider Threats, a book that includes several examples of insider threat cases and analyses from over 10 years of insider threat research. That can be found here.


Symantec also published an interesting report on the psychology of the insider threat back in December 2011. The report, “Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall,” examined insider breaches to get a sense of not only how insiders steal data, but who does it and why. More on that can be found here.  
