A Government official is reported to have claimed that approximately 300 oil and energy companies in Norway have been hit by
one of the biggest cyber-attacks ever to have happened in this Scandinavian country.
This was first reported by The Local and Dagens Næringsliv which stated that the
National Security Authority Norway (Nasjonal Sikkerhetsmyndighet, NSM)
has detailed how 50 companies in the oil sector were hacked and how
another 250 have been warned that they may have been hit too.
NSM which is Norway's cyber crime prevention authority, an
equivalent of CERT-UK in Great Britain has warned companies about the
newest threats. It
took part of the CyberEurope2014 exercise in June.
The companies themselves haven't been named – although NSM is
investigating whether the computer systems at Statoil, Norway's largest
oil company, were targeted. Prima facie it seems that Statoil was able
to fend of the attack. Statoil claimed it “has control” over the
attack. It also confirmed that it was among the firms who were target
of a “massive and advanced” attack by hackers last year that went on for
three days. Technical details are also few and far
between at this moment in time.
This isn't the first time this type of attack has hit Norwegian shores,
with ten oil, gas and defence sector firms hit via targeted
spear-phishing emails in 2011. The unidentified hackers made off with
industrial drawings, contracts and log-in credentials.
“It’s a big, bad world out there,” wrote John Knight,
Statoil’s strategy
director, in an update on the company’s internal website earlier this
summer. Newspaper Dagens Næringsliv (DN), which broke the news this week
about the national security agency (NSM)’s warnings to as many as 300
Norwegian companies, reported Thursday that Statoil faced an even more
serious situation last year.
“It started on March 12,” recalled Statoil IT director Sonja Chirico
Indrebø. She told DN that it prompted Statoil to confiscate 40 computers
from its employees who hadn’t even noticed that unknown hackers were
using them to get around Statoil’s security systems.
The attack involved the hackers’ earlier success at breaking into the
website of a well-known international company that gathers data on the
oil industry. Statoil declined to identify it, but DN reported that it’s
a site Statoil employees regularly log into with a user name and
password, to gain access to its exclusive data for which Statoil
reportedly pays large sums.
Alarms rang when Statoil’s Intrusion Detection System (IDS)
discovered that someone was trying to download code into some of
Statoil’s employees’ computers. Statoil’s IT experts then saw that the
code tried to enable communication with so-called “black lists,” areas
within Statoil’s systems that aren’t related to ordinary business
operations.
“Our employees were naturally surprised when we called and told them
that we had to confiscate their PCs because we suspected they’d been
attacked,” Indrebø told DN. The employees hadn’t noticed anything, but
had received a message when logging into the international data website
to click on a java page. That set off the process of downloading the
dangerous code.
Other energy companies also ended up under attack, which Indrebø
described as “advanced,” not least because the dangerous code was
altered while the attack was in progress, indicating someone was
monitoring it. Statoil’s team battled the attack for three days until it
was successfully fended off on March 15.
Indrebø said Statoil’s defense systems block around 2,500 emails sent
to the company every week, because of suspicious files and content.
“Every month the virus alarm sounds a few thousand times,” she added. At
a time of widespread cost-cutting at Statoil,
computer security is one area that’s expected to grow. Knight, the
member of Statoil’s top management in charge of strategy, wrote that
cyber criminals are getting increasingly sophisticated and potentially
dangerous, and employees are urged to be extra vigilant.