Iran Took Systems Offline After Cyber Attack Hit Oil Industry

Multiple Targets Hit During Cyber Attack Targeting Iranian Oil Industry

Iran disconnected computer systems at a number of its oil facilities in response to a cyber attack during the weekend, according to reports.

A source at the National Iranian Oil Company (NIOC) reportedly told Reuters that a virus was detected inside the control systems of Kharg Island oil terminal, which handles the majority of Iran’s crude oil exports. In addition, computer systems at Iran’s Oil Ministry and its national oil company were hit.

Oil Ministry spokesman Ali Reza Nikzad-Rahbar told Mehr News Agency on Monday that the attack had not caused significant damage and the worm had been detected before it could infect systems.

There has been no word on the details of the malware found, but computer systems controlling several of Iran’s oil facilities were disconnected from the Internet as a precaution.

Back in 2010, Iran was discovered to be the main target of the infamous Stuxnet worm, which targeted the country’s uranium enrichment program. The country was also hit by Duqu, believed by many to be related to Stuxnet. Since then, the country has bolstered its cyber defenses, with Iran’s Police Chief Brigadier General Esmayeel Ahmadi Moqaddam stating in February that Iran has developed its cyber army not for offensive goals but for defensive purposes. However, the BBC claimed in March that its website had been the victim of a cyber-attack following a campaign of intimidation by Iranian authorities. Though the BBC did not blame Iran for the attack, BBC Director General Mark Thompson called the situation “self-evidently suspicious.”

“Iran’s Revolutionary Guard claims to have created a ‘hack-proof’ network for all sensitive data,” blogged Chester Wisniewski, senior security advisor at Sophos Canada. “I have yet to see a hack-proof network and if they have convinced themselves it’s true, perhaps that is part of the problem… One thing is clear, whether you are an oppressive regime, or simply an average small business, anyone who depends upon the internet will face malware threats and hacking attempts.”

To many in the security industry, the news hardly comes as a surprise. “Attacks on critical infrastructure are more common than many think. Because of a lack of disclosure in these industries many incidents ranging from sabotage and intellectual property theft to extortion go unreported,” Brian Contos, security director & consumer security strategist at McAfee, told SecurityWeek.

“There is a strong expectation that we are going to see more attacks targeting critical infrastructure around the world,” Contos added. “Most organizations within critical infrastructure operate with a mix of legacy and modern equipment leveraging applications and protocols that facilitate both. This duality makes their assets vulnerable to a wider range of attacks than organizations in industries like retail and finance.”

“The real news here is that this type of campaign could clearly have a serious and detrimental impact- both financially and socio-politically,” said Dr. Parveen Jain, president and CEO of RedSeal Networks, who also holds a Ph.D. in Nuclear Engineering. “The reality is that many of the SCADA systems used through industries such as oil, electric and water systems are based on legacy computing technologies that were deployed before concerns of cyber threats were a reality. These systems cannot be ripped and replaced, and won’t be. It’s not feasible. Neither is the idea of removing some of the Internet-based management controls that have put them at greater risk, because they’re much needed tools for smarter management of distributed power systems, etc.”

“The only solution for this problem is for infrastructure providers to do everything that they can to ensure that their systems are protected effectively at all times,” Jain added. “They have to know that the defenses they’ve put in place are indeed functioning properly and that they cannot be easily hacked. As with critical data, or any other mission critical computing systems, the answer is the same in every scenario. Companies, and the industry regulators that oversee them, need to make sure that the security systems that they’ve already invested in are actually effectively working. It’s not about fear-mongering over cataclysmic implications, as big of an attention getter as that may be. It’s about making sure that basic controls are in place, that segmentation is enforced, that policies are enforced, which in itself is hard without automation, given today’s complexity and rate of business-driven change.”

Related: Are Industrial Control Systems Secure?

Related: Industrial Control Systems are 10 Years Behind Enterprise IT on Security, Say Experts
