More than a year after a drowned Syrian toddler washed up on a beach in Turkey, the tiny refugee’s body, captured in a photograph that shocked the world, reappeared on computer screens across Saudi Arabia -- this time as a prelude to a cyber attack.
The strike last month disabled thousands of computers across multiple government ministries in Saudi Arabia, a rare use of offensive cyberweapons aimed at destroying computers and erasing data. The attackers, who haven’t claimed responsibility, used the same malware that was employed in a 2012 assault against Saudi Arabian Oil Co., known as Saudi Aramco, and which destroyed 35,000 computers within hours.
The Middle East, home to almost half of global oil reserves and much of its natural gas, is also a magnet for some of the world’s costliest cyberattacks, PricewaterhouseCoopers LLP said in a March 2016 report. The threat is set to grow as online activity mushrooms amid the region’s myriad geopolitical conflicts and tensions.
“For the last couple of years the U.S. Department of Defense has been trying to get the Gulf states to harden their defenses,” said James Lewis, senior vice president at the Center for Strategic and International Studies in Washington, D.C. “Some of them are in OK shape. Saudi Arabia is not.”
Damage Unclear
The extent of the damage isn’t clear, though two people informed of the security breach said it targeted the Saudi central bank, the transportation ministry and the agency that runs the country’s airports. One bright spot is that the Saudis have been able to restore some lost data via back-ups, recovering faster than they did after the 2012 strike, said one person familiar with the clean-up.
The central bank, known as the Saudi Arabian Monetary Authority, denied that its systems were breached. The country’s General Authority of Civil Aviation said damage to its networks was limited to some office systems and employee e-mails.
While the assault was similar to the one that hit Saudi Aramco four years ago, the impact was “much smaller” and didn’t disrupt transportation or aviation services, said Abbad Al Abbad, executive director for Strategic Development and Communication at the Riyadh-based National Cyber Security Center.
Online Market
Cyberattacks in the Middle East threaten more than governments and public facilities -- they put economic development at risk. A unified regional online market could expand to include 160 million users by 2025 and add about $95 billion to gross domestic product, according to consultant McKinsey & Co. Saudi Arabia, the United Arab Emirates and other Arab states in the Gulf are leading this growth.
“The rapid adoption of digitization in the U.A.E. and Gulf Cooperation Council countries has made the region an attractive target for a wide array of security breaches, perpetrated by hackers with advanced cyber exploitation technologies,” Mohit Shrivastava, a senior analyst for information security at consultant MarketsandMarkets, said in a Dec. 5 e-mail.
Six months ago, FireEye Inc. detected cybercriminal strikes on Middle Eastern banks that were launched through e-mail attachments. The California-based cybersecurity company said the attackers appeared to be probing for targets.
U.S. officials have said Iran was behind the 2012 attack against Saudi Aramco, and investigators also suspect Iranian hackers of involvement in the November blitz on Saudi government bodies. Media officials at Iran’s Foreign Ministry weren’t immediately available for comment.
Iran too has been a victim of cybersabotage. A computer worm known as Stuxnet derailed work at the country’s main uranium-enrichment facilities in 2010, and the Flame virus crippled the Iranian energy industry two years later. Iran suggested that both incidents involved Israel, which doesn’t comment on its reported involvement in cyberattacks.
Comments
Post a Comment