30 Aug 2014

300 oil companies hacked in Norway

A government official is reported to have claimed that approximately 300 oil and energy companies in Norway have been hit by one of the biggest cyber-attacks ever to have happened in this Scandinavian country.


This was first reported by The Local and Dagens Næringsliv, which stated that the National Security Authority Norway (Nasjonal Sikkerhetsmyndighet, NSM) has detailed how 50 companies in the oil sector were hacked and how another 250 have been warned that they may have been hit too.
NSM, which is Norway's cyber crime prevention authority, an equivalent of CERT-UK in Great Britain, has warned companies about the newest threats. It took part in the CyberEurope2014 exercise in June.
The companies themselves haven't been named – although NSM is investigating whether the computer systems at Statoil, Norway's largest oil company, were targeted. Prima facie, it seems that Statoil was able to fend off the attack. Statoil claimed it “has control” over the attack. It also confirmed that it was among the firms that were targets of a “massive and advanced” attack by hackers last year that went on for three days. Technical details are also few and far between at this moment in time.
This isn't the first time this type of attack has hit Norwegian shores, with ten oil, gas and defence sector firms hit via targeted spear-phishing emails in 2011. The unidentified hackers made off with industrial drawings, contracts and log-in credentials.

“It’s a big, bad world out there,” wrote John Knight, Statoil’s strategy director, in an update on the company’s internal website earlier this summer. Newspaper Dagens Næringsliv (DN), which broke the news this week about the national security agency (NSM)’s warnings to as many as 300 Norwegian companies, reported Thursday that Statoil faced an even more serious situation last year.

“It started on March 12,” recalled Statoil IT director Sonja Chirico Indrebø. She told DN that it prompted Statoil to confiscate 40 computers from its employees who hadn’t even noticed that unknown hackers were using them to get around Statoil’s security systems.
The attack involved the hackers’ earlier success at breaking into the website of a well-known international company that gathers data on the oil industry. Statoil declined to identify it, but DN reported that it’s a site Statoil employees regularly log into with a user name and password, to gain access to its exclusive data for which Statoil reportedly pays large sums.
Alarms rang when Statoil’s Intrusion Detection System (IDS) discovered that someone was trying to download code into some of Statoil’s employees’ computers. Statoil’s IT experts then saw that the code tried to enable communication with so-called “black lists,” areas within Statoil’s systems that aren’t related to ordinary business operations.

“Our employees were naturally surprised when we called and told them that we had to confiscate their PCs because we suspected they’d been attacked,” Indrebø told DN. The employees hadn’t noticed anything, but had received a message when logging into the international data website to click on a Java page. That set off the process of downloading the dangerous code.
Other energy companies also ended up under attack, which Indrebø described as “advanced,” not least because the dangerous code was altered while the attack was in progress, indicating someone was monitoring it. Statoil’s team battled the attack for three days until it was successfully fended off on March 15.
Indrebø said Statoil’s defense systems block around 2,500 emails sent to the company every week, because of suspicious files and content. “Every month the virus alarm sounds a few thousand times,” she added. At a time of widespread cost-cutting at Statoil, computer security is one area that’s expected to grow. Knight, the member of Statoil’s top management in charge of strategy, wrote that cyber criminals are getting increasingly sophisticated and potentially dangerous, and employees are urged to be extra vigilant.