Saudi Aramco oil firm claims to be over cyber attack

Saudi Aramco oil firm claims to be over cyber attack:

International oil company Saudi Aramco claims to be over a cyber attack on 15 August and maintains that oil production was not disrupted.

The company said around 30,000 workstation computers that were hit by a virus attack are back online, although remote access is still being restricted “as a precaution”.

Saudi Aramco has also not yet restored its website, displaying a message apologising for any inconvenience instead.

"We have isolated all our electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption which affected some sectors of our network," the message reads. “Most of the damage has now been repaired."

A group named the Cutting Sword of Justice – which blames the Saudi Government for “crimes and atrocities” in several countries – has claimed responsibility for the attack in an online forum.

The group said the state-run oil firm was hit because it was a key source of income for the government, according to the BBC.

Last week, cybersecurity researchers uncovered a new threat called Shamoon that they said was targeting infrastructure in the energy sector, but Saudi Aramco has not said whether this was the malware involved in the attack on its network.

Researchers at security firm Symantec said Shamoon, also known as W32.Disttrack, corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable.

The attack is designed to penetrate a computer via the internet and then target other computers on the same network. Data on the targeted computers is replaced with image files to prevent data recovery.

Shamoon is the latest in a line of attacks that have targeted infrastructure. It follows Stuxnet – which was designed to hit nuclear infrastructure in Iran – and Duqu, Flame and Gauss, that have all sought to infiltrate networks to steal data.

With the increasing computerisation of critical infrastructure services, the energy and utility industries have never been more vulnerable to cyber attacks, according to security firm LogRhythm.