UPDATED 21:29 EDT / JANUARY 09 2020

SECURITY

Iranian hackers hit Bahrain oil company, target US power utilities

Iranian hackers have hit Bahrain’s national oil company as a new report finds that Iranian state-sponsored hackers have also been targeting U.S. power utilities.

The attack in Bahrain targeted oil company Bapco Dec. 29 and is said to have involved the use of the new strain of data-wiping malware. Dubbed “Dustman” by the Saudi Arabia National Cybersecurity Authority, the malware, designed to delete data on an infected computer, was quickly detected with only minor disruptions on Bapco’s network.

“This attack could have been much worse, and while we don’t know all the details, I’m willing to bet that Bapco had planned out their response before this incident occurred,” Roger A. Grimes, data-driven defense evangelist at security training company KnowBe4 Inc., told SiliconANGLE. “The lack of utter devastation this time around should be counted as a major computer defense success. ”

Grimes noted that the 2012 Disttrack attack against Saudi Aramco, which devastated that company and put all of Saudi Arabia on its heels for half a year, led to the better successful defense of Bahrain.

“The Saudi Aramco attack changed everything for that part of the world,” he said. “Before the Saudi Aramco attack, Middle East computer security was worse than poor. It was almost nonexistent. But losing 32,000 computers, servers and workstations, in one of the world’s first nation-state attacks and the shutting down of the number one wealth producer for the country has a way of creating focus.”

separate report from cybersecurity report Dragos Inc. details the activities of an Iranian hacking group it calls Magnallium, also known as APT33 in targeting U.S. power companies.

The report says that the group has been undertaking a broad campaign of password-spraying attacks against U.S. firms since the beginning of 2019. Those are attacks that attempt to access accounts with a few commonly used passwords. Wired reported that another Iranian group called Parasite has also been working with Magnallium by attempting to exploit vulnerabilities in virtual private networking software.

Dragos did not say whether any of the attacks were successful.

Jason Kent, hacker in residence at application security firm Cequence Security Inc., noted that these groups are looking for ways to cause the greatest amount of disruption with the least amount of effort possible.

“Because our electrical grid and gas systems are largely run by regional monopolies, the attackers cannot focus on one target,” he said. “This can be a protective measure so long as each of these organizations has tightened security to the NERC-CIP standards that govern the security of the grid.”

The problem, Kent said, is that security standards often have certain holes and can allow for an attacker to gain access. “These holes are what they are counting on,” he said. “Once in, deleting files or causing damage to networks, has been their goal. Hopefully, they won’t move on to more sophisticated attacks targeting the destruction of sensitive systems like our nuclear power generation systems.”

 

Photo: ShashiBellamkonda/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU