Oil and Natural Gas Firm Faces Ransom Demand From Extortionists
Saudi Arabian Oil Company faces a ransom demand of $50 million from extortionists after a data leak of corporate data. According to the oil and natural gas firm, corporate data was leaked after attackers breached one of its suppliers. The attacker is demanding the ransom in the form of Monero cryptocurrency.
Leaked Data Includes Information Relating To 14,000 Employees
Although Saudi Aramco’s internal IT systems were not affected, their supplier’s leaked data included information related to about 14,000 employees.
Leaked information includes:
- Passport details
- Phone numbers
- Identification numbers
- Invoices
- Contracts
- Client data
- Documentation about Saudi Aramco’s network
Compromised employer information can be used in future cyberattacks. for example, cybercriminals attempt to find out which employees have access to human resources information or financial account. your taters may launch future cyber attacks using fake invoices that impersonate vendors. the goal is to trick someone with the ability to make payments into thinking they are paying a legitimate invoice.
Cybercriminals also engage in cyber espionage I may work at the behest of other governments.
According to the oil giant, Saudi Aramco’s internal IT systems were not affected by the breach. Unlike the recent attack on Colonial Pipeline, the one on the Saudi Arabian company did not affect its oil and gas operations.
“Aramco recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors…” a Saudi Aramco representative told Information Security Media Group.
“We confirm that the release of data was not due to breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture.”
Carte blanch access means contractors may complete freedom to act as they wish or presume best. This sometimes does not include acting with information security best practices. When it comes to scaling a business and increasing profits, companies often focus on product, sales, and customer service.
Cyber security becomes a second or even last priority to business owners. Many will opt to offload or outsource portions of their operations to third parties, giving them the freedom to operate in the way they deem fit for the situation. One less thing to worry about when operating a large company or service is a welcome notion. However, the risk involved in this approach is proving to be higher as reports are increasing of third-party breaches.
Saudi Aramco has not identified the supplier in question or the intrusion method.
Attacker Zerox296 Claims Responsibility
An attacker going by the name Zerox296 claims to be responsible for the cyberattack on Saudi Aramco.
Zerox296 claims that they were able to exploit a zero-day vulnerability in a cloud storage platform in order to steal 1TB of corporate data. Whether this was the true nature of the exploit is not yet confirmed as no evidence has been provided to support it.
The attacker posted their ransom demand of $50 million in Monero on a ransomware extortion site that was created specifically for this attack using an anonymizing Tor network. Using this network makes the website difficult to trace. The stolen data was advertised on a well-known leak site.
