UPDATED 21:29 EDT / JANUARY 09 2020

SECURITY

Iranian hackers hit Bahrain oil company, target US power utilities

Iranian hackers have hit Bahrain’s national oil company as a new report finds that Iranian state-sponsored hackers have also been targeting U.S. power utilities.

The attack in Bahrain targeted oil company Bapco Dec. 29 and is said to have involved the use of the new strain of data-wiping malware. Dubbed “Dustman” by the Saudi Arabia National Cybersecurity Authority, the malware, designed to delete data on an infected computer, was quickly detected with only minor disruptions on Bapco’s network.

“This attack could have been much worse, and while we don’t know all the details, I’m willing to bet that Bapco had planned out their response before this incident occurred,” Roger A. Grimes, data-driven defense evangelist at security training company KnowBe4 Inc., told SiliconANGLE. “The lack of utter devastation this time around should be counted as a major computer defense success. ”

Grimes noted that the 2012 Disttrack attack against Saudi Aramco, which devastated that company and put all of Saudi Arabia on its heels for half a year, led to the better successful defense of Bahrain.

“The Saudi Aramco attack changed everything for that part of the world,” he said. “Before the Saudi Aramco attack, Middle East computer security was worse than poor. It was almost nonexistent. But losing 32,000 computers, servers and workstations, in one of the world’s first nation-state attacks and the shutting down of the number one wealth producer for the country has a way of creating focus.”

separate report from cybersecurity report Dragos Inc. details the activities of an Iranian hacking group it calls Magnallium, also known as APT33 in targeting U.S. power companies.

The report says that the group has been undertaking a broad campaign of password-spraying attacks against U.S. firms since the beginning of 2019. Those are attacks that attempt to access accounts with a few commonly used passwords. Wired reported that another Iranian group called Parasite has also been working with Magnallium by attempting to exploit vulnerabilities in virtual private networking software.

Dragos did not say whether any of the attacks were successful.

Jason Kent, hacker in residence at application security firm Cequence Security Inc., noted that these groups are looking for ways to cause the greatest amount of disruption with the least amount of effort possible.

“Because our electrical grid and gas systems are largely run by regional monopolies, the attackers cannot focus on one target,” he said. “This can be a protective measure so long as each of these organizations has tightened security to the NERC-CIP standards that govern the security of the grid.”

The problem, Kent said, is that security standards often have certain holes and can allow for an attacker to gain access. “These holes are what they are counting on,” he said. “Once in, deleting files or causing damage to networks, has been their goal. Hopefully, they won’t move on to more sophisticated attacks targeting the destruction of sensitive systems like our nuclear power generation systems.”

 

Photo: ShashiBellamkonda/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.