A Government official is reported to have claimed that approximately 300 oil and energy companies in Norway have been hit by one of the biggest cyber-attacks ever to have happened in thisย Scandinavianย country.
This was first reported by The Local and Dagens Nรฆringsliv which stated thatย the National Security Authority Norway (Nasjonal Sikkerhetsmyndighet, NSM) has detailed how 50 companies in the oil sector were hacked and how another 250 have been warned that they may have been hit too.
ย
NSM ย which is Norway’s cyber crime prevention authority, an equivalent of CERT-UK in Great Britain has warned companies about the newest threats. It took part of the CyberEurope2014 exercise in June.
The companies themselves haven’t been named โ although NSM is investigating whether the computer systems at Statoil, Norway’s largest oil company, were targeted. ย Prima facie it seems that Statoil was able to fend of the attack. ย Statoil claimed it โhas controlโ over the attack. ย It also confirmed that it was among the firms who were target of a โmassive and advancedโ attack by hackers last year that went on for three days.ย Technical details are also few and far between at this moment in time.
ย
This isn’t the first time this type of attack has hit Norwegian shores, with ten oil, gas and defence sector firms hit via targeted spear-phishing emails in 2011. The unidentified hackers made off with industrial drawings, contracts and log-in credentials.
โItโs a big, bad world out there,โ wrote John Knight, Statoilโs strategy director, in an update on the companyโs internal website earlier this summer. Newspaper Dagens Nรฆringsliv (DN), which broke the news this week aboutย the national security agency (NSM)โs warnings to as many as 300 Norwegian companies, reported Thursday that Statoil faced an even more serious situation last year.
โIt started on March 12,โ recalled Statoil IT director Sonja Chirico Indrebรธ. She told DN that it prompted Statoil to confiscateย 40 computers from its employees who hadnโt even noticed that unknown hackers were using them to get around Statoilโs security systems.
The attack involved the hackersโ earlier success at breaking into the website of a well-known international company that gathers data on the oil industry. Statoil declined to identify it, but DN reported that itโs a site Statoil employees regularly log into with a user name and password, to gain access toย its exclusive data for whichย Statoil reportedly pays large sums.
Alarms rang when Statoilโs Intrusion Detection System (IDS) discovered that someone was trying to download code into some of Statoilโs employeesโ computers.ย Statoilโs IT experts then saw that the code tried to enable communication with so-called โblack lists,โ areas within Statoilโs systems that arenโt related to ordinary business operations.
โOur employees were naturally surprised when we called and told them that we had to confiscate their PCs because we suspected theyโd been attacked,โ Indrebรธ told DN. The employees hadnโt noticed anything, but had received a message when logging into the international data website to click on a java page. That set off the process of downloading the dangerous code.
Other energy companies also ended up under attack, which Indrebรธ described as โadvanced,โ not least because the dangerous code was altered while the attack was in progress, indicating someone was monitoring it. Statoilโs team battled the attack for three days until it was successfully fended off on March 15.
Indrebรธ said Statoilโs defense systems blockย around 2,500 emails sent to the company every week, because of suspicious files and content. โEvery month the virus alarm sounds a few thousand times,โ she added. At a time of widespreadย cost-cutting at Statoil, computer security is one area thatโs expected to grow. Knight, the member of Statoilโs top management in charge of strategy, wrote that cyber criminals are getting increasingly sophisticated and potentially dangerous, and employees are urged to be extra vigilant.