Businesses shy away from disclosing security incidents, and some companies reveal them only after sustaining the damage. Recently, Saudi Arabia’s state oil giant Saudi Aramco confirmed that it has suffered a data breach that exposed some of the company’s files via third-party contractors.
Saudi Aramco stated that it “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors. We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture.”
Aramco did not reveal the name of the contractor that was affected, nor did it provide details about the information that was impacted in the security incident. The Associated Press reported that the attackers obtained over one terabyte (1,000 gigabytes) of Aramco data and exposed it on the dark web. While the operators behind this cyber extortion scam are currently unknown, they are allegedly demanding a ransom of $50 million in cryptocurrency to delete the data from the dark web.
Third-party Security is a Must
Speaking with CISO MAG, Dirk Schrader, Global VP of Marketing at Netwrix, said that the security of third-party contractors can’t be ignored when they are holding the company’s confidential data and networks.
“While keeping in mind that most of the details about this breach are unconfirmed, only its mere existence is confirmed yet, the list of data points in the trove provided by the threat actor is worrying. Information about employees, with full details of about one-fourth of all of Aramco’s workforce, is a collection that can’t be ignored by cybercriminals using spear-phishing tactics or attempting some type of business email compromise, which in itself is supported by additional pieces of information in the trove like invoices and contracts. Overall, the potential risk related to this breach cannot be ignored by Saudi Aramco,” Schrader added. “Aramco might be correct to state that its cybersecurity is robust and that it has not experienced an impact to its operations – so far. The trove seems to hold enough information to change that verdict.”
This is not the first time Aramco has suffered a cyberattack. The oil giant was hit by the infamous Shamoon malware in 2012, which deleted data from the company’s hard drives, affected over 30,000 systems, and forced it to shut down its operations.
Energy Sector Becomes a Frequent Target
Ransomware attacks on organizations in the energy sector have become more prevalent in recent times. From power-grid to fuel pipeline operators, hackers often target critical sectors to cause massive disruption to services and threaten to expose the victims’ data if the ransom is not paid. Recently, the Colonial Pipeline in the U.S. reportedly paid over $4.4 million in ransom after ransomware operators encrypted its systems.