Saipem under cyber attack

(By Alessandro Rugolo)
15/12/18

Let's start with the facts: on Monday 10 December 2018, the Italian drilling and assembly company Saipem, present worldwide with about 32,000 employees, publicly announced in a brief press release that it had identified a cyber attack against its own servers and that investigation and reporting to the authorities were in progress.
Two days later, on 12 December 2018, a new press release: "The cyber attack hit servers based in the Middle East, India, Aberdeen and, in a limited way, Italy through a variant of the Shamoon Malware. The attack led to the cancellation of data and infrastructure, typical effects of malware. The restoration activities, in a gradual and controlled manner, are under way through the back-up infrastructures and, when completed, will allow full operation of the impacted sites ... "

Now, let's understand something more. To do this, we move to the international press.
On 13 December, Insurance Journal reported that between 300 and 400 servers and more than 100 computers were hit, figures attributed to the Head of the Digital and Innovation sector, Mauro Piasese.
Insurance Journal also refers to the massive 2012 attack on the companies Aramco (Saudi Arabia) and RasGas (Qatar), an attack attributed to Iran (responsibility always denied by Tehran) that hit tens of thousands of computers. Aramco is Saipem's main customer.

According to Adam Meyer, vice president of the American cyber security company CrowdStrike, the new variant of the Shamoon malware presents similarities to the campaign conducted in 2012 that suggest the possibility that Iran is again behind this attack.

Also on 13 December, the Reuters website stated that Saipem does not run any financial risk due to the cyber attack ... we refrain from comment; time will give the answer.

Yesterday, 14 December, a further article with some more information appeared on Difesa e Sicurezza (Defense and Security). According to the author, Italian companies are indeed victims of scheduled attacks. We also learn that the various versions of the malware have something in common: they exploit the "Windows Server Message Block (SMB)" to spread within systems and destroy data. From the official statements it is not possible to know the technical characteristics of the affected servers and computers, or of the networks and security systems employed, but in any case we believe it is important to remember that an out-of-date system is an insecure system, for which a visit to the Microsoft Security Update site could be good preventive care.

For years now the world has been talking about cyber attacks ... is there still someone who thinks they are not a danger?
The real danger is to underestimate the risks we run or, even worse, to ignore them and think that these things happen only to others!

To learn more:
- http://www.saipem.com/sites/SAIPEM_it_IT/con-side-dx/comunicato%20stampa...
- http://www.saipem.com/sites/SAIPEM_it_IT/con-side-dx/comunicato%20stampa...
- https://www.insurancejournal.com/news/international/2018/12/13/511880.htm
- https://www.reuters.com/article/us-saipem-cyber/saipem-revenues-will-not...
- https://www.cybersecitalia.it/data-breach-maxi-cyber-attacco-alla-saipem...
- https://www.difesaesicurezza.com/cyber/le-aziende-in-italia-sono-vittime...
- https://argonsys.com/learn-microsoft-cloud/library/windows-10-protection...
- https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedet...