As many as 300 oil and energy companies have been targeted by hackers in the largest ever coordinated cyber attack in Norway.
The Local reports that 50 companies in the oil sector have already been breached while another 250 are at risk.
Nasjonal Sikkerhetsmyndighet – Norway’s National Security Authority (NSM) – has issued warnings to the companies it believes may be targeted including Statoil, the country’s largest oil company. The identities of other firms that have been breached or targeted have not been disclosed at this time.
Statoil’s head of press, Orjan Haraldstveit, confirmed that the company had been warned by NSM and was checking its networks and systems for evidence of a breach, in line with its internal policies.
NSM said it passed on the warnings after being tipped off by “international contacts”. The authority revealed that it had an idea who was responsible for the attacks but didn’t wish to divulge that information at this time.
According to Norwegian site NewsinEnglish, Peer Olav Ostli of Statnett revealed that an employee had received an email containing a suspicious attachment.
The NewsinEnglish report quotes Hans Christian Pretorius, director of the operative division of NSM, who spoke to Norwegian newspaper Dagens Naeringsliv:
They (the hackers) have done research beforehand and gone after key functions and key personnel in the various companies. Emails that appear to be legitimate are sent to persons in important roles at the companies with attachments. If the targeted employees open the attachments, a destructive program will be unleashed that checks the target's system for various holes in its security system. If a hole is found, the program will open a communications channel with the hackers and then the "really serious attack programs" can infect the targeted company’s computer system.
The goal is to plant a Trojan or a virus on the machine. The first program just sets up contact. Then the attacker can sit outside and download damaging code.
Pretorius went on to explain that the attacker’s goal was to install a keylogger which would allow passwords to be stolen. This, he said, could ultimately be used to siphon intellectual property out of the target organisation.
This is not the first cyber attack to hit the Norwegian oil industry. In 2011 a group of hackers stole login credentials, industrial drawings and contracts from at least 10 oil and gas companies in Norway.
Whatever the reason for the attacks, this should act as a reminder to pause before opening emails from unknown senders, and to question the inclusion of email attachments even when the sender appears to be someone you know.