Is the Aramco attack a security wake up call?

It is time for regional business to take IT security more seriously

Tags: Cyber crime, Saudi Arabia, Saudi Aramco
By Mark Sutton. Published September 1, 2012

The cyber attack on Saudi Aramco might have come as part of a wave of advanced persistent threats that are targeting the region, but it is by far the most high-profile incident to have happened in this part of the world. If an organization of the size and scope of Saudi Aramco can be hit, then everyone is vulnerable.

Attacks against industry, and the oil and gas companies in particular, cut to the very lifeblood of the Middle East. These attacks go beyond embarrassment and into serious economic threats to nation states. I don't believe there is a single, co-ordinated conspiracy to destabilize the Middle East, but rather the attacks are the work of a diverse range of 'actors' with different aims, skill sets and means of operating. But that is not to say that any organization can be complacent or think that they aren't a potential target.

Flame is highly complex malware that must have been put together by serious people with serious resources, but if its capabilities were unseen before today, then tools like it will be a commodity tomorrow. Shamoon was even described as "a copycat, the work of a script kiddies," yet it must have cost Aramco hundreds of man hours to restore its systems, let alone any data loss that may have occurred.

The question is whether organizations in the region will finally hear this wake-up call. Aramco did the right thing in at least confirming the situation, but there needs to be more dialogue at a regional and global level on how to improve security systems and combat these threats. The national CERTs in the region need to take the lead, and they need to get wider buy-in from the governments behind them.

For the CIO or IT manager, solutions are evolving that address some of these issues. Tools that spot unusual behaviour on the network by looking for patterns or out-of-the-ordinary events, rather than relying on simple firewall protocols or scanning for AV signatures, are coming to market. But they are complex and require strong technical skills to deploy, and with budgets strained, to say the least, they might not be within reach of every organisation straight away.

But complex systems are not the best starting point. What is striking is the number of times these attacks use known vulnerabilities or simple vectors of attack like infected USBs or social engineering. This is where companies in the region need to start taking a far more serious approach to security, from the basics up. Stop using vulnerable pirated software. Start patching applications properly. Create proper policies and enforce them, and educate staff. These threats to the region are not going away, so it is up to the IT professionals to start making changes that will provide the basics of defence.
