In late July 2021, Saudi Aramco acknowledged a data leak of its company from one of its contractors. The oil company revealed that it lately became informed about its corporate data leak withheld by its third-party contractors. The state-owned oil giant did not name the contractor or notify the nature of the intrusion. However, the company confirmed that the data leak did not happen because of a breach of its system. It maintained that the incident had no direct impact on its operations and internal IT systems. Also, the company sustained a robust cybersecurity posture.
The Clarification of the Data Leak
The statement from the oil company came after a hacker claimed on the darknet of stealing 1 TB of data. The hacker asserted that it had withdrawn information on a range of subjects. It includes confidential employee and client data, payroll files, and the location of oil refineries. As per a website created for this extortion attempt, cybercriminals are demanding $50 million. Furthermore, they want to receive the ransom in the form of Monero cryptocurrency.
According to BleepingComputer, one TB of proprietary data relating to Saudi Aramco was on sale on the darknet by Zerox296. It is a threat actor group claiming to have stolen the data by hacking the network and servers of Saudi Aramco. Surprisingly, the threat actor group claimed to have conducted the activity back in 2020. The group also maintained that the files in the dump are as new as 2020. Nonetheless, it confirmed that some files might date back to 1993.
Upon asking the method leveraged to obtain access to the system, the group did not describe the vulnerability. Instead, the group called it zero-day exploitation in a cloud storage platform. They posted a small set of proprietary documents and blueprints with redacted PII on a famous data leak forum. The group had carried out it most likely to create traction among its prospective purchasers.
Saudi Aramco — One of the Largest Oil Producer Companies in the World
The state-owned Saudi Aramco is one of the largest oil and natural gas companies in the world. The company employs approximately 66,000 employees, and its net income is $49 billion. In 2020, the oil giant had hit $230 billion in revenue, according to the latest reports.
The company got targeted by a cyberattack in the past as well. For instance, the so-called Shamoon wiper malware hit the computer network of the company in 2012. The attack was so damaging that it destroyed internal IT networks and 30,000 computers within hours.
Another virus in 2017 also dismantled computers at Sadara. It was a joint venture between the Dow Chemical Company headquartered in Michigan and Saudi Aramco. On that occasion, officials warned it as another version of Shamoon.
The cyberattacks on the energy industry have increased globally. The most prominent among them is the ransomware attack on Colonial Pipeline in May this year. The cyberattack was so devastating that it disrupted a considerable fuel supply to the U.S. East Coast for a week.
Meanwhile, security experts have long been denouncing the global oil & gas industry for the lack of investment in cybersecurity. When consequences of cyberattacks on industries as essential as oil and gas are unimaginable, the only way forward is to pursue proactive cybersecurity.