27 Dec How it really happened: NINJIO Season 2, Episode 1, Saudi Aramco Breach
In our 1st Episode of Season 2, one of the world’s largest oil producers has roughly 35,000 of its computers shut down in a matter of hours due to a malware attack. After turning off the remaining systems, they scrambled for days trying to figure out what to do. Even after paying a large sum of money to get new systems quickly, it wasn’t quick enough. The tankers lined up waiting for their oil and the paper system wasn’t cutting it. At the end of the day, the CEO decided to give the oil away for free as that was the fastest method of getting tankers in and out, and keeping their customers.
We learn that the source of the breach was two attack vectors that commonly go together: a badge surfer who then proceeds to take pictures of passwords, something he was able to do because employees were violating their clean desk policy.
Details of the worst hack in history explain how hackers were able to disrupt a Saudi oil company, Saudi Aramco.
Hackers have turned to oil and gas companies as targets because attacks on them can cause major destruction, such as explosions.
This article covers the aftermath of the data breach. IT administrators were forced to take the entire system offline after malware took 35,000 computers offline.
“Tailgating,” “badge surfing,” and “piggybacking” are all terms given to a security issue where a hacker follows an employee into a secured area. The employee does not ask for credentials for fear of being rude.
Clean desk policies avoid the security risks of piggybacking. This article explains the policy and how it can help with security and social engineering.