11 November 2018

Why People Are Worried That The Next Big Threat Will Come From Iranian Hackers Targeting American Oil Companies


Security experts are worried Iranian hackers may be preparing to attack against Western and Gulf oil companies in retaliation for US sanctions. FireEye said that APT33, a suspected Iranian hacking group, has been conducting a “spear-phishing” email campaign against organisations in the oil, gas, insurance and manufacturing sectors. An attack would not be unprecedented. In 2012 suspected Iranian hackers destroyed data on thousands of Saudi Aramco’s computers.

Businesses in Gulf countries allied to the US are under renewed threat from suspected Iranian hackers in what may amount to preparation for cyber retaliation against impending US sanctions on the country’s critical oil industry.


The apparent digital sabotage threat, which comes six years after energy companies in Saudi Arabia and Qatar fell victim to major Iran-linked cyberattacks, coincides with concern over hackers’ increased targeting of Gulf businesses. An annual regional cybersecurity survey revealed in May that over 40 per cent of the latter have had at least one breach in the last year, more than 10 per cent up on 2016 – though no mention of the likely source of the attacks was disclosed in reports on the findings.

But in September American Cybersecurity firm FireEye revealed that a suspected Iranian hacking group, which it has been monitoring for a number of years, had been conducting a “spear-phishing” email campaign against organisations based in the Middle East, North America and Japan, in sectors ranging from oil and gas, insurance to manufacturing. FireEye reportedly said the emails from the group, which it has named APT33, may have sought to steal information or prepare for disruptive attacks.

America has been bracing itself for cyber retaliation following its renewal of sanctions on Iran in the wake of President’s Trump’s withdrawal from the international nuclear deal, the JCPOA, earlier this year. Notwithstanding Washington’s concerns, its allies in the Gulf seem more likely targets as their defences against digital sabotage have been found wanting, resulting in substantial losses.
Damage from cyber attacks last year cost more than $1 billion

A PwC survey in 2016 showed that companies in the Middle East suffered larger losses than other regions the previous year as a result of cyber incidents, with 18 per cent of respondents in the region experiencing more than 5,000 attacks, compared to a global average of 9 per cent.

In March, a report by Siemens and the think-tank the Ponemon Institute said thatthe financial impact in the Gulf of digital attacks on oil and gas organisations was last year estimated to be more than $1 billion.

Following Trump’s abandonment of the JCPOA, over what he saw as its failure to stem Iran’s ballistic missile programme and destabilising influence in the region, a first set of so-called snapback sanctions came into effect in August. They imposed bans on certain US dollar and rial transactions and restrictions on several sectors, including automotive, industrial raw materials and precious metals. A second, potentially more damaging, tranche of measures targeting Iran’s oil industry, its principal source of foreign currency, starts this month.

A curb on oil exports could plunge Iran’s ailing economy into crisis. Prior to the August sanctions, Tehran had threatened to close the Strait of Hormuz, a major shipping lane for western-bound Gulf oil. While it could yet carry out its threat after this month’s measures are imposed, such an act would lead to a huge escalation in tensions with Washington, which the Iranians would probably not want. A seemingly more likely form of retaliation would be destructive cyberattacks against the US and its allies in the Middle East.
Spear-phishing surge in July

FireEye reportedly said that it had seen a surge in the number the spear-phishing emails targeting their clients in July, shortly before the first batch of snapback sanctions. It said that there were a number of signs that they were the work of hackers aligned with Tehran, including the use of Iranian hosting companies and links to an institute believed to play an important role in the regime’s cyber operations, according to media reports.

Speaking to journalists in Dubai in September, Alister Shepherd, an executive at a consulting arm of FireEye, was quoted in the regional newspaper the National as saying it was possible that APT33 was using the spear-phishing emails “to facilitate the theft of intellectual property or to subsequently cause disruption in retaliation to the sanctions”. The Associated Press news agency quoted Shepherd pointing out that “whenever we see Iranian threat groups active in the region, particularly in line with geopolitical events, we have to be concerned that they may be engaged in, or pre-positioning for, a disruptive attack”.

A destructive attack would not be unprecedented. In August 2012, in possible retaliation for an earlier cyber sabotage of its nuclear facilities, suspected Iranian hackers destroyed data on thousands of Saudi Aramco’s computers. Not long after, the hackers are thought to have conducted a similar attack on the the Qatari natural gas producer RasGas. At the time, Leon Panetta, then US Defence Secretary, described the targeting of the Saudi oil giant as probably the most destructive cyberattack on a private business.
Gulf firms are a soft target for hackers

Then, towards the end of 2016, the virus used in the Aramco incident reappeared in an updated form, destroying Saudi government and private sector databases and files, in apparent retaliation for the kingdom’s interventions in the Syrian and Yemeni conflicts, according to a report by the Carnegie Endowment for International Peace.

The Economist Intelligence Unit (EIU) says with the emergence of digitisation in Gulf Cooperation Countries (GCC), business and government online services in the region have become more vulnerable to cyberattacks. “GCC states have invested in cyber security, but in most member states these have not been sufficient to tackle the growing number and frequency of cyber attacks,” it said in a report in April.

An industry survey conducted in late 2016 suggested that Gulf firms are a ‘soft target’ for hackers. In its recent report, the EIU noted Saudi Arabia has yet to upgrade its cyber security and related technology to global standards. The Unit said the kingdom scored poorly on its 2018-19 measure of cyber preparedness in the GCC. At a time when tensions with Iran are high, this may prove to be a serious oversight.

Yigal Chazan is head of content at Alaco, a London-based business intelligence consultancy.Business Insider · by Alaco · November 4, 2018

No comments: