Not so long ago the energy industry was shaken by the discovery of the biggest cyber threat to have graced cyberspace – Stuxnet. The highly-targeted worm hit Iran’s nuclear facilities affecting their SCADA systems and giving it the ability to affect the physical conditions of the nuclear plant, including centrifuges’ rotor speeds – leading to the reported destruction of 1,000 centrifuges.
Since then we have seen similar threats arise in the shape of Duqu and Flame and recently a spate of new attacks on the oil and energy industry have emerged.
Alerts were recently issued regarding viruses dubbed ‘Shamoon’ or ‘Disstrack’ aimed specifically at the industry. Rather than affect the physical systems or steal data as we have seen in the past, this worm’s sole purpose is to irrevocably delete data that it may come across.
Although there have been no confirmations of the discovery of Shamoon/Disstrack, two energy firms have revealed that they have been the target of cyber attacks (and it is suspected by many that this virus was the culprit).
Qatar-based energy firm RasGas – one of the world’s largest producers of liquid petroleum gas – announced over the weekend that its internal systems had been taken offline. The firm was forced to take down its desktop PCs, email and web servers.
Days previous to this Saudi Arabian energy firm Aramco announced that 30,000 of its desktop computer workstations had been knocked out by a virus. The attack against Aramco – the world’s largest oil company – forced them to suspend access to both internal and remote networks for 10 days.
Both firms said that production was not affected by the attacks.
Hacktivist group Cutting Sword of Justice has taken responsibility for the Aramco attack, describing it as payback for the Saudi royal family’s attempts to quell Arab-spring style revolts in neighbouring countries. Circumstantial evidence could suggest that the company was also hit by the data-deleting virus Shamoon.