Can haz tapes?
I read a while back that Google was the #1 buyer of magnetic tape. I wonder if the Saudis bothered to splash some cash on backups.
At least 15 Saudi government offices and private companies have been hit by another wave of attacks from Shamoon 2 malware that leaves hard drives completely erased. Shamoon 2 first surfaced in 2012, when it was used in a highly targeted attack against Saudi Aramco, the desert state's oil company that pumps 10 per cent of the …
"The motive for the attacks isn't known, but the malware is thought to be the creation of Iranian state-sponsored hackers. There is speculation that this latest Saudi infection might be retaliation for hacking against Iranian petrochemical facilities."
"Thought" and "speculated" by who? Sources would be nice.
I hope ElReg is not now part of some propaganda war.
Perhaps we should then agree on a suitable set of euphemisms to unequivocally distinguish "we're not saying it was them but technically it totally was them, 110%, on good authority" and "the idea has been floated around by various entities without half a clue but plenty of agenda" without having to articulate either of those explicitly. Right now they're kinda blurring together...
And it looks like everyone will.
Pro tip from "Zero days." There are no air-gapped systems.
Although you'd figure the Saudi oil and petrochems industries would try quite hard to keep their guards up, given how big a chunk of their economy is invested in them.
In some senses it does not matter where the threat originated. Planning for it (and what to do when, not if it happens) really should be part of all business continuity plans. A big business has a lot to lose, and they are both big businesses
Do the Saudis actually administer their systems or are expat doing it for them...
If it's expats that I would "presume" that they do actually have some kind of BCP/DRP in place, it's not like there are too many budgetary restraints.
Although you'd figure the Saudi oil and petrochems industries would try quite hard to keep their guards up, given how big a chunk of their economy is invested in them.
There is no "You can keep your guard up" if everything you do is bought. There is sub-1% of Saudis in their IT and Petrochem. The rest are foreign contractors. Mercenaries. While this is a problem around the Gulf in general, Saudi are probably the worst, followed closely by Kuwait. Emirates, Qatar, Oman, Bahrain have managed to build some education systems and create a pool of locals with suitable education. It is not big, but there are some in key places. Compared to that Saudi is all "buy more of these slaves, and gimme a kickback".
So breaching the air gap becomes simply a matter of following the classic quote from Kusturica's "Time of The Gypsies": "As our Bulgarian friends say, what cannot be bought with money, can be bought with lots of money".
"If this latest attack on Saudi Arabia is retaliation, then it appears we could be seeing the first nation-to-nation cyberwar."
C'mon, aren't the Korea's constantly in a cyberbicker? US and their old friends the Russians? And the Chinese and the....._______ aw just fill in the blank already.