SecurityWeek

Incident Response

Insiders Suspected in Aramco Attack

Reuters reports that, according to sources close to the investigation into the Aramco attack, insiders were partly responsible. In August, Aramco, Saudi Arabia’s national oil company and the world’s largest oil producer, had to contend with a malware outbreak that hit 30,000 systems in a single stroke.

According to Reuters’ Jim Finkle, insiders with high-level access to Aramco’s network helped the attackers target the organization. The story cites sources familiar with the company’s ongoing investigation, who said the attack was made possible by “someone who had inside knowledge and inside privileges within the company.”

The early-August attack drew attention because the malware appeared to have been built specifically for this campaign. The Aramco incident has been described as the largest malware-based attack on a single organization to date. The malware used, Shamoon, is a wiper: it overwrites files and the master boot record, leaving infected machines unbootable, which makes it highly destructive and hard to clean up after. It took Aramco two weeks to recover.

In a statement shortly after the cleanup, the company said that “…oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected…” by the attack, but that it had been forced to take its network down to keep the malware from spreading further.

Reuters’ exclusive is here. Additional information on Shamoon is available from Kaspersky and Symantec.

Todd Lewellen, an information systems security analyst for the CERT Insider Threat Center, wrote an interesting post today on the subject of insider threats.

“No industry sector is exempt from experiencing damage at the hands of malicious insiders,” Lewellen wrote. “Regardless of the sector your organization operates within, it is important that you protect it from damaging attacks that may come from your own employees.”

CERT also recently released its CERT Guide to Insider Threats, a book that includes several examples of insider threat cases and analyses drawn from more than 10 years of insider threat research. That can be found here.

Symantec also published an interesting report on the psychology of the insider threat back in December 2011. The report, “Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall,” examined insider breaches to get a sense not only of how insiders steal data, but of who does it and why. More on that can be found here.
