Norwegian state oil company Statoil claims it “has control” over what Norwegian national security authorities are calling the biggest targeted cyber attack on local companies ever. Statoil now confirms it also was the target of a “massive and advanced” attack by hackers last year that went on for three days.
“It’s a big, bad world out there,” wrote John Knight, Statoil’s strategy director, in an update on the company’s internal website earlier this summer. Newspaper Dagens Næringsliv (DN), which broke the news this week about warnings from the national security agency (NSM) to as many as 300 Norwegian companies, reported Thursday that Statoil faced an even more serious situation last year.
“It started on March 12,” recalled Statoil IT director Sonja Chirico Indrebø. She told DN that it prompted Statoil to confiscate 40 computers from its employees who hadn’t even noticed that unknown hackers were using them to get around Statoil’s security systems.
The attack involved the hackers’ earlier success at breaking into the website of a well-known international company that gathers data on the oil industry. Statoil declined to identify it, but DN reported that it’s a site Statoil employees regularly log into with a user name and password, to gain access to its exclusive data for which Statoil reportedly pays large sums.
Alarms rang when Statoil’s Intrusion Detection System (IDS) discovered that someone was trying to download code into some of Statoil’s employees’ computers. Statoil’s IT experts then saw that the code tried to enable communication with so-called “black lists,” areas within Statoil’s systems that aren’t related to ordinary business operations.
“Our employees were naturally surprised when we called and told them that we had to confiscate their PCs because we suspected they’d been attacked,” Indrebø told DN. The employees hadn’t noticed anything, but when logging into the international data website they had received a message prompting them to click on a Java page. That set off the process of downloading the dangerous code.
Other energy companies also ended up under attack, which Indrebø described as “advanced,” not least because the dangerous code was altered while the attack was in progress, indicating someone was monitoring it. Statoil’s team battled the attack for three days until it was successfully fended off on March 15.
Indrebø said Statoil’s defense systems block around 2,500 emails sent to the company every week, because of suspicious files and content. “Every month the virus alarm sounds a few thousand times,” she added. At a time of widespread cost-cutting at Statoil, computer security is one area that’s expected to grow. Knight, the member of Statoil’s top management in charge of strategy, wrote that cyber criminals are getting increasingly sophisticated and potentially dangerous, and employees are urged to be extra vigilant.