Saipem-like cyber-attack numbers ‘will climb’, former hacker warns

Saipem.
Saipem.

The number of cyber-attacks to hit the servers of oil and gas firms “will climb”, a former computer hacker has warned.

Last week’s attack on oil services firm Saipem hit the firm’s servers in Aberdeen, India and the Middle East, with some servers attacked in Italy.

Mike Jones, a former hacker with the Anonymous hacktivist group, has said that as oil and gas firms become more exposed to new technology the number of cyber-attacks will climb.

Mr Jones claims the attack – which was achieved using the malware Shamoon – was either a destructive attempt to carry out “corporate damage” or an unknown political agenda.

He said: “The oil and gas industry should always expect the number of compromises to increase in symmetrical fashion with any lack of policy and patching carried out by the firms.

“With the exposure of new technology into a target rich environment the numbers will climb.

“Any firm not updating infrastructure and maintaining a routine patching process is definitely at risk.

“Attackers look for the lowest hanging fruit to stage the attack before they construct and develop new avenues of attack.”

Last Monday’s attack forced Saipem to take swift action, including “impact assessment measures”.

The company said the issue caused it to cancel “data and infrastructures”.

Asked what North Sea firms can do to protect themselves against future attacks, Mr Jones said: “Any firm in the North Sea that currently runs on legacy hardware and introducing IoT (internet of things) into their environments need to review patching policies as well as security policies.

“Vulnerabilities are constantly being discovered on both the OS level and hardware level and it’s very important to stay on top of new developments and research.

“The key to protection is know your environment, your attackers and their motivations.”

Breaking