据7月22日BBC报道,黑客利用沙特阿美泄漏的文件,向该公司勒索5000万美元(3650万英镑)。
要知道,长期以来,全球油气行业一直因未能在网络安全方面进行投资而受到批评。今年5月,美国Colonial Pipeline公司遭到勒索软件网络攻击。
在一份电子邮件声明中,沙特阿美表示,有可能是第三方承包商间接泄露了公司的数据,不过,这部分数据数量有限。
这家沙特能源巨头没有说明哪个承包商受到了影响,也没有说明该承包商是否遭到了黑客攻击,或者文件存在着其他泄露方式的可能。
该公司表示:“我们确认,数据泄露并非由于我们的系统遭到破坏,不会对我们的运营造成影响,公司将继续保持强大的网络安全态势。”
据美联社(AP)报道,沙特阿美的数据中有1万亿字节(即1000千兆字节)被勒索者持有,他们引用了暗网的一个页面——这是加密网络中的一部分,只有通过专门的匿名提供工具才能访问。
美联社报道称,该页面提出要删除这些数据,以换取5000万美元的加密货币,不过目前还不清楚谁是勒索阴谋的幕后黑手。
英国广播公司要求沙特阿美澄清美联社有关沙特阿美成为5000万美元勒索目标的报道,沙特阿美没有立即做出回应。
专家称,石油和天然气行业,包括拥有油井、管道和炼油厂的公司,多年来一直未能在网络安全方面进行投资。这并不是沙特阿美第一次成为数据相关攻击的目标。2012年,该公司的计算机网络受到了所谓的Shamoon病毒的攻击。
今年美国Colonial Pipeline公司遭遇的一次网络攻击,进一步突显了能源行业计算机系统的脆弱性。
王佳晶 摘译自 BBC
原文如下:
Hackers reportedly demand $50m from Saudi Aramco over data leak
The files are now reportedly being used in an attempt to extort $50m (£36.5m) from the company.
The global oil and gas industry has long been criticised for failing to invest in cyber security.
In May, the Colonial Pipeline in the US was hit by a ransomware cyber-attack.
In an emailed statement, Aramco told the BBC that it "recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors."
The Saudi Arabian energy giant did not say which contractor was affected nor whether the contractor had been hacked or if the files were leaked in some other way.
"We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture," the firm said.
According to the Associated Press (AP), one terabyte, or 1,000 gigabytes, of Aramco's data was being held by extortionists, citing a page on the darknet - a part of the internet within an encrypted network which is accessible only through specialised anonymity-providing tools.
The AP report said the page offered to delete the data in exchange for $50m in cryptocurrency, although it is unclear who is behind the ransom plot.
Aramco did not immediately respond to a BBC request for clarification over the AP report that the company was the target of a $50m extortion attempt.
The oil and gas industry, which includes companies that own wells, pipelines and refineries, has failed to invest in cyber-security over the years, according to experts.
This is not the first time Aramco has been the target of a data-related attack. In 2012, the company's computer network was hit by the so-called Shamoon virus.
A cyber-attack this year on the Colonial Pipeline in the US further highlighted the vulnerabilities of the energy industry's computer systems.
免责声明:本网转载自其它媒体的文章,目的在于弘扬石化精神,传递更多石化信息,并不代表本网赞同其观点和对其真实性负责,在此我们谨向原作者和原媒体致以敬意。如果您认为本站文章侵犯了您的版权,请与我们联系,我们将第一时间删除。
