Cyber War Envelops Middle East
Wiper was an aggressive piece of malware that targeted machines belonging to the Iranian Oil Ministry and the National Iranian Oil Company in April.
...No one has ever found a sample of Wiper in order to study its code and determine exactly what it did to machines in Iran, but Kaspersky did obtain mirror images of “dozens” of hard drives that had been hit by the malware.
Although the disks were thoroughly wiped in most cases, leaving no malware behind – or much of anything else – the researchers did find evidence of its previous existence on some of the systems that weren’t completely wiped. The evidence came in the form of a registry key that pointed to files that had been on the machines before being erased.
According to Kaspersky, the wiping activity occurred between April 21 and April 30. Wiper’s erase operation focused initially on destroying data on the first half of a disk, then systematically erasing system files, causing the systems to crash and preventing them from rebooting... _Wired
But Iran has not been entirely passive in this cyber-war. A recent cyber attack against Saudi Aramco -- Saudi Arabia's state energy company -- is thought to have originated with groups allied with Iran.
Saudi Aramco, Saudi Arabia's national energy company, said on Sunday it had repaired 30,000 workstations infected with a malicious virus earlier this month....
...A group calling itself the "Cutting Sword of Justice" claimed responsibility for the attacks. The group accused the Saudi Arabian government of supporting "crimes and atrocities" in countries such as Syria and Egypt, according to a post on Pastebin.
Saudi Aramco said it expected further intrusions. "Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack." _CW
Saudi Aramco is right to expect further attacks, just as the Iranian Oil Ministry should expect further attacks. In fact, all Middle Eastern oil production in and around the Persian Gulf is vulnerable to one type of malware or another. Whoever controls the flow of oil will be able to hold global oil markets hostage to potentially devastating price swings.
Earlier this year, a group of international experts at the Herzliya Conference imagined a very different scenario — a far more drastic one — in which a sophisticated attack on Abqaiq was directed by Iran and carried out from within. In the simulation, a series of explosions, along with a cyber-weapon, crippled the facility...
...The results of this simulated attack, detailed here in full for the first time, were profoundly disturbing. The price of oil skyrocketed to over $200 per barrel. The House of Saud, and the territorial integrity of the kingdom, were existentially threatened. Saudi Arabia’s neighbors — Jordan, Iraq, the UAE, Bahrain, Qatar, Kuwait and Oman — were destabilized. Developing countries that use oil for electricity were propelled into war, both civil and external.
And Iran, the world’s third-largest producer of oil, authoritatively recognized as the perpetrator of the attack, reaped the rewards, its influence growing throughout the Middle East as the demand for oil outpaced the supply, and the Shiite populations in the Gulf — increasingly unrestful throughout the Arab Spring revolutions — rose up in arms.
“The simulation showed that global over-reliance on Saudi oil and our over-reliance on Saudi stability, would give Iran, in the case of such an attack, carte blanche in the Middle East — and that’s without a nuclear weapon,” said Tommy Steiner, the author of the report... _How Iran Might Triumph Even Without Nukes
The evolution of increasingly sophisticated cyber attacks has just begun, and every industrial facility and information network is clearly at risk.
There is a limit to how well protected large networks can be and still function. In this situation, resilient backups will be increasingly important.