Five years ago Saudi Arabia suffered the world’s biggest cyberattack. Now it’s on red alert for a repeat.
A warning was issued by the elite computer security team that helps guard Saudi Arabia’s infrastructure, the Computer Emergency Response Team.
“Following a recent cyberattack which targeted several national organizations, this is an urgent call for your cybersecurity team to be on the alert for Shamoon 2 and ransomware attacks that could possibly cripple your organization’s systems,” CERT-SA said late on Tuesday.
The Shamoon virus operates like a time bomb. It was used in the huge cyberattack in 2012 on Saudi Aramco, the world’s biggest oil company.
Within a matter of hours, 35,000 computers were partially wiped or totally destroyed in that attack. It forced one of the most valuable companies on earth back into 1970s technology, using typewriters and faxes.
“Shamoon renders the computer unusable by overriding the hard disk with garbage,” said Candid Wueest, security analyst and researcher at Symantec.
The warning followed attacks Monday on Saudi’s labor ministry and human resources development fund, which helps Saudis find jobs. The kingdom’s state news agency said the hack was limited to some web pages and user terminals, but customer data was not affected.
Sadara, a chemical company owned by Aramco and Dow Chemical tweeted on Sunday it had experienced “a network disruption” but operations had not been affected.
Many Saudis received text messages from their banks telling them their accounts had not been hacked.
“We’ve seen some of the targeted organizations not affected at all, others were able to recover quickly from backups or affected in a limited number of devices,” said Mohamed Hasbini, senior security researcher at Kaspersky Lab.
This is just the latest in a string of attacks on Saudi Arabia. In November, hackers destroyed computers at six important Saudi organizations.
“It was the same code and same methods [as in 2012] being used,” said Wueest. “At the time we weren’t sure how they got in but with the new information we know they use targeted email attacks.”
It’s unclear who is behind the attacks but U.S. intelligence has in the past (quietly) pointed the finger at Iran.
“We do not have any country that we can pinpoint it to, but what we can say is that we think it’s a nation state. It’s very sophisticated and well executed,” said Wueest.
He said other countries in the region, including Iran, have also been targeted recently but the damage was small.