UPDATED: State authorities are warning as many as 300 companies in the country’s major oil and energy industries this week that they’re the targets of the largest coordinated hacker attack ever registered in Norway. Attacks have been confirmed on around 50 companies, including Statnett, and the authorities fear more are underway.
Newspaper Dagens Næringsliv (DN) reported on Wednesday that the state national security authority NSM (Nasjonal Sikkerhetsmyndighet) was in the midst of mounting its largest warning operation ever, given the serious nature of the attacks.
“Around 300 companies are getting warnings from us now, with concrete information where we ask them to look for specific things in their logs,” Hans Christian Pretorius, director of the operative division of NSM, told DN. “”This is the largest warning we have ever carried out.”
The massive hacker attack comes just as thousands of oil and gas industry executives from all over the world are meeting in Norway’s oil capital of Stavanger for the huge Offshore Northern Seas exhibition. It was unclear whether non-Norwegian oil and gas companies were also under attack. Statnett, the state-owned operator of Norway’s energy system, confirmed that it was among the companies targeted but managed to fend it off.
NSM reported that it was alerted to the attack by “international contacts.” DN reported that NSM has some indications as to who is behind the attack but won’t make any conclusions public. NSM is working to control the attack along with the state oil authority Petroleumtilsynet and the energy and waterways authority NVE (Norges vassdrags- og energidirektorat).
Norwegian companies have been under attack before, including just this past summer when major businesses including Telenor and even Norway’s central bank were hit by a so-called “DDos” attack, under which a server is deliberately overloaded so that it no longer can be accessed. A teenager in Bergen was later arrested and charged with setting it off.
DN reported that the attack now underway against the oil industry in Norway is different and potentially far more serious. It’s known as “spearphishing,” in which the goal is usually industrial espionage.
“They (the hackers) have done research beforehand and gone after key functions and key personnel in the various companies,” Pretorius told DN. Emails that appear to be legitimate are sent to persons in important roles at the companies with attachments. If the targeted employees open the attachments, a destructive program will be unleashed that checks the target’s system for various holes in its security system. If a hole is found, the program will open a communications channel with the hackers and then the “really serious attack programs” can infect the targeted company’s computer system, Pretorius said.
“The goal is to plant a trojan or a virus on the machine,” Pretorius told DN. “The first program just sets up contact. Then the attacker can sit outside and download damaging code.” The motive, he said, can be to steal information, install a program to register keyboard functions and thus steal passwords. “Once a hacker is inside, it’s easier to keep working their way through the company,” Pretorius added.
Peer Olav Østli of Statnett said that one of the system operator’s employees received an email containing a suspicious attachment and didn’t open it. The attempted attack has shaken management, with Østli saying they took it “very seriously.”
Huge increase in attacks
Statoil officials have confirmed that they’re among the companies warned of the attack by NSM. “We have received a warning and are, as a matter of routine, checking our systems,” Statoil spokesman Ørjan Heradstveit told DN.
NSM officials were again stressing their often-repeated warning against opening attachments that arrive in email. Even the most savvy computer users can be tricked, however, after cases where hackers have used email addresses that look like they’re from company colleagues and therefore trusted senders.
The number of serious hacker attacks registered in recent years as risen steadily but now was doubling. “We’ve had a 100 percent increase compared to 2013 already this year,” Pretorius said. “And we don’t know what the autumn will bring.” NSM is now trying to work closely with companies to help them and help the agency itself track methods used in the attacks.