Former member of hacktivist group Anonymous, Mike ‘sting3r’ Jones discusses the recent Saipem cyber-attack and the immediate threat to Big Oil.
Shamoon was first identified in 2012 and has been used in attacks on Sony, Saudi Aramco and Qatar’s RasGas, has been linked to the Sony attack in 2014, and was most recently used against Saipem.
There have been multiple iterations of the malware since the first event.
Shamoon is unlike traditional malware and acts more like a worm, in that it replicates across the network using credentials and does not rely on operating system vulnerabilities for its replication.
The malware also has a built-in date on which it wipes the data on a drive.
The threat to oil and gas resides in the state in which it leaves a system.
When systems critical to operations are affected by Shamoon, it can cause mass damage and severe loss of uptime, literally leaving the targets useless. With the interconnectivity of several networks owned by various companies, it can cause multiple networks to feel the effect.
The group Cutting Edge Sword of Justice claimed responsibility for the attack against Saudi Aramco.
The oppressive measures in various countries used by Muslim oil resources were said to be the primary motivator in the attack.
To date, this is the only attack this group has carried out and claimed responsibility for.
To defend against and mitigate this type of attack it’s important to know the interconnectivity of networks from all sources involved.
One of the weaknesses taken advantage of in this attack is account credential protection, for which Windows updates were issued as far back as 2014.
Knowing this, it’s crucial to install updates when they are available, wherever it’s possible.
The malware also exploits the remote registry service, disabling User Account Control on the targets.
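As an added example (not part of the original article or of any vendor tooling), a local PowerShell audit of the two settings mentioned above, the Remote Registry service and User Account Control. The function name, the pass/fail baseline, and the inclusion of `LocalAccountTokenFilterPolicy` (the standard Windows value governing UAC filtering for remote local-administrator logons, which the article does not name) are assumptions of this example.

```powershell
# Added example: audits the local host for the settings discussed above.
# Assumed baseline: Remote Registry stopped and disabled, UAC left enabled.
function Get-RemoteRegistryUacAudit {
    [CmdletBinding()]
    param()

    $findings = @()

    # Remote Registry service: report state and start mode.
    $svc = Get-CimInstance -ClassName Win32_Service `
        -Filter "Name='RemoteRegistry'" -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $findings += [pscustomobject]@{
            Check = 'RemoteRegistry service'; Value = 'not installed'; Ok = $true }
    } else {
        $findings += [pscustomobject]@{
            Check = 'RemoteRegistry service'
            Value = "State=$($svc.State); StartMode=$($svc.StartMode)"
            Ok    = ($svc.State -ne 'Running') -and ($svc.StartMode -eq 'Disabled')
        }
    }

    # UAC policy values live under this key.
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # EnableLUA = 0 means UAC has been switched off.
    $lua = $policy.EnableLUA
    $findings += [pscustomobject]@{
        Check = 'UAC (EnableLUA)'
        Value = if ($null -eq $lua) { 'not set' } else { $lua }
        Ok    = ($lua -ne 0)
    }

    # LocalAccountTokenFilterPolicy = 1 removes UAC filtering for remote
    # logons by local administrator accounts. Absent or 0 keeps filtering on.
    $latfp = $policy.LocalAccountTokenFilterPolicy
    $findings += [pscustomobject]@{
        Check = 'UAC remote filtering (LocalAccountTokenFilterPolicy)'
        Value = if ($null -eq $latfp) { 'not set' } else { $latfp }
        Ok    = ($latfp -ne 1)
    }

    return $findings
}

Get-RemoteRegistryUacAudit | Format-Table -AutoSize
```

A row with `Ok = False` on a host that was previously compliant is worth investigating as a change, not only as a baseline gap.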
For modern threats to critical services within a network it’s important to practice good network hygiene, educate users, monitor not only health and status but also network security, as well as invest in researching current threats.
Knowing who your enemies are and their motivations is critical in the current cyber battlefield.
The wars of the years to come will take place in a battlefield that exists in 1’s and 0’s instead of latitudes and longitudes.
Mike ‘sting3r’ Jones will be doing a series of talks in Scotland beginning February 19 2019 at Napier University in Edinburgh entitled “Hackers on Tour”.