International oil company Saudi Aramco claims to be over a cyber attack on 15 August and maintains that oil production was not disrupted.
The company said around 30,000 workstation computers that were hit by a virus attack are back online, although remote access is still being restricted “as a precaution”.
Saudi Aramco has also not yet restored its website, displaying a message apologising for any inconvenience instead.
"We have isolated all our electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption which affected some sectors of our network," the message reads. “Most of the damage has now been repaired."
A group named the Cutting Sword of Justice – which blames the Saudi Government for “crimes and atrocities” in several countries – has claimed responsibility for the attack in an online forum.
The group said the state-run oil firm was hit because it was a key source of income for the government, according to the BBC.
Read more about malware
- Shamoon is latest malware to target energy sector
- Disttrack discovery highlights growing use of targeted malware
- APTs: Are they really a concern for all businesses?
Last week, cybersecurity researchers uncovered a new threat called Shamoon that they said was targeting infrastructure in the energy sector, but Saudi Aramco has not said whether this was the malware involved in the attack on its network.
Researchers at security firm Symantec said Shamoon, also known as W32.Disttrack, corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable.
The attack is designed to penetrate a computer via the internet and then target other computers on the same network. Data on the targeted computers is replaced with image files to prevent data recovery.
Shamoon is the latest in a line of attacks that have targeted infrastructure. It follows Stuxnet – which was designed to hit nuclear infrastructure in Iran – and Duqu, Flame and Gauss, that have all sought to infiltrate networks to steal data.
With the increasing computerisation of critical infrastructure services, the energy and utility industries have never been more vulnerable to cyber attacks, according to security firm LogRhythm.
“Shamoon highlights the cascading effect that an attack can have on other infrastructure sectors and capabilities,” said Ross Brewer, vice-president and managing director International Markets at LogRhythm.
All the signs point to the threat landscape getting worse for utilities
Ross Brewer, vice-president and managing director, LogRhythm
A fundamental challenge faced by utilities is that supervisory control and data acquisition (SCADA) systems, which are in charge of infrastructure control systems, were never really designed to be secure from an IT perspective, he said.
With much of existing national infrastructure developed prior to the rise of the internet, Brewer said the focus of control system security is often limited to physical assets.
“Unfortunately, all the signs point to the threat landscape getting worse for utilities. One can only hope that the growing number of attacks aimed at these critical systems will serve as a wake-up call to policy makers across both private and public sectors,” he said.
Brewer believes that attacks on critical systems are inevitable and that both public and private entities must take adequate steps to ensure the ongoing security of their systems.
“As such, they must look to security intelligence platforms that have the capabilities to combine continuous event correlation for early threat detection, deep forensic search to understand the scope of impact and attack origin, as well as rapid and intelligent response to remediate any potential damage in real time,” he said.