
Monday, August 26, 2019

Shamoon incident at Aramco Case Study Example | Topics and Well Written Essays - 1000 words

This was the first malware used by the hacktivism front, and hence the company’s network was not in a position to handle the complexity of this virus. Indeed, unlike other malware whose impact cannot overcome the antivirus set up in the company’s network, the technology used in Aramco was way below that of the hackers. The network system in Aramco offers security against theft of data but has no capacity to handle the annihilation manifested by Shamoon. In addition, the company’s anti-hacking and firewall software is incapable of dealing with technologically advanced malware like Shamoon.

Moreover, the company’s IT and computer systems policies require a review. Sadly, the network system of Aramco allows multiple users to access both unclassified and classified information at the same time, which jeopardizes the security of the system, as seen in the Shamoon attack. In addition, Aramco’s network allows its employees and expatriate employees to run information systems and then divulge information that acts as leeway to cyber-attacks. Indeed, the company needs to review and update its IT policies and computer systems for purposes of dealing with such complicated malware as Shamoon (Mashat, 2012, p.1). Otherwise, the ease of access, lack of proper authorization, and use of ancient anti-hacking and firewall software jeopardize the security of Aramco’s network system.

How the Attack Happened

One group of hackers has claimed responsibility for the Shamoon attack on Aramco. The group, Cutting Sword of Justice, asserts that the cyber-attack took place beginning Wednesday, Aug 15, 2012 at 11:08 AM and was complete within a few hours (Fisher, 2012, p.1). Although this information is not certain, there are clear indications that lead to this assertion. Indeed, on the same day that Cutting Sword of Justice asserted this, Saudi Aramco confirmed that part of its computer system used by its employees was under cyber-attack courtesy of a computer virus. Likewise, several antivirus vendors (Kaspersky Lab, Symantec, McAfee) confirmed the existence of such a virus and named it Shamoon or Disttrack (Higgins, 2012, p. 16). Indeed, the hackers took the virus from another computer package and dropped it off in Aramco’s computer system.

We may need to define the details of this virus to reinforce our understanding of how this attack happened. Shamoon or Disttrack is a legitimate software driver with a digital signature inside its package. Specifically, the virus is referred to as W32.Disttrack and has distinct security components. Indeed, W32.Disttrack has a dropper that played a major role in creating and providing the original infection. Subsequently, the dropper dropped other modules to initiate the attack. In addition, W32.Disttrack has a wiper whose main responsibility in the attack was to destroy the network of the target system, Aramco. Moreover, the wiper has the capability to enable user-mode applications to read and write to disk sectors of other systems (Secretary of Defense Leon E. Panetta, 2012, n. p). As such, it is most applicable in overwriting the computer's Master Boot Record. Indeed, the wiper deleted all the existing drivers and overwrote the signed one in Aramco’s network. Most significantly, W32.Disttrack entails a reporter, which was significant in reporting the success of the attack to the attacker. The reporter takes back all the details
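
The essay above says the wiper is used to overwrite the Master Boot Record. As an added example (not part of the essay and not any vendor's tool), the Python below shows how a responder could check a 512-byte dump of sector 0 for that kind of damage by validating the standard MBR layout and comparing it with a hash recorded earlier. The function names, the sample partition values and the 0x41 fill pattern are constructed for illustration, and the check assumes a baseline hash was saved while the host was healthy.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446        # four 16-byte entries follow the bootstrap code
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR

def parse_partitions(sector):
    """Return (status, type, lba_start, sector_count) for each non-empty entry."""
    entries = []
    for i in range(4):
        offset = PART_TABLE_OFFSET + 16 * i
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, offset)
        if ptype != 0:
            entries.append((status, ptype, lba, count))
    return entries

def check_mbr(sector, baseline_sha256=None):
    """Return a list of findings; an empty list means sector 0 looks intact."""
    if len(sector) != SECTOR_SIZE:
        return ["dump is %d bytes, expected %d" % (len(sector), SECTOR_SIZE)]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("partition table is empty")
    for status, ptype, lba, count in parts:
        # Status must be 0x00 or 0x80; a real partition never starts at LBA 0
        if status not in (0x00, 0x80) or lba == 0 or count == 0:
            findings.append("implausible partition entry (type 0x%02x)" % ptype)
    if baseline_sha256 and hashlib.sha256(sector).hexdigest() != baseline_sha256:
        findings.append("sector differs from recorded baseline")
    return findings

def build_sample_mbr():
    """Constructed sample: one active type-0x07 partition starting at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET, 0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = hashlib.sha256(good).hexdigest()   # recorded while the host was healthy
    overwritten = b"\x41" * SECTOR_SIZE           # constructed stand-in for a wiped sector
    print("healthy:    ", check_mbr(good, baseline))
    print("overwritten:", check_mbr(overwritten, baseline))
```

The structural checks still flag an overwritten sector when no baseline exists, while the hash comparison also catches changes that leave the layout valid.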
