The OilRig Malware Threatens Doom
19 October 2016, 7:46 am

Cyber attacks are so commonplace that minor ones no longer make the news. One piece of malware that has made stakeholders take notice, however, is the “OilRig” backdoor. It first appeared in May 2016, targeting oil companies in Saudi Arabia, and has since been used in attempts to infiltrate government entities and organisations in Israel, Turkey, Qatar, and the U.S.

The malware gains entry through spear phishing, using malicious Excel documents that deliver it via macros. When an employee opens the email attachment, the macro fetches and installs the backdoor, which then exploits vulnerabilities in the system to incapacitate the network. Several oil rigs and platforms have been disrupted this way in recent months. Because a malfunction of rig and safety systems can cause major disasters such as a well blowout or explosion, leading to oil spills and loss of life, the worst-case outcome for this malware is deadly.
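Since the delivery vector is an Excel attachment carrying a macro, a mail gateway can flag such attachments before they reach a user. The following triage script is an added example, not code from the original article or from any OilRig analysis; it assumes OOXML workbooks are ZIP containers with a `xl/vbaProject.bin` part and treats legacy OLE2 `.xls` files with a coarse byte scan rather than a full OLE parse.

```python
import io
import zipfile

# Heuristic triage for mail attachments: flag Excel workbooks that carry a
# VBA project. OOXML workbooks (.xlsx/.xlsm/.xlsb) are ZIP containers; a
# macro-enabled one holds the part "xl/vbaProject.bin". Legacy .xls files
# are OLE2 compound documents (magic D0 CF 11 E0 ...) whose VBA storage
# uses stream names containing "_VBA_PROJECT"; for those we only scan the
# raw bytes, which is a coarse check, not a full OLE parse.

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def has_vba_project(data: bytes) -> bool:
    """Return True if the workbook bytes appear to contain a VBA project."""
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = {n.lower() for n in zf.namelist()}
        except zipfile.BadZipFile:
            return False
        return "xl/vbaproject.bin" in names
    if data.startswith(OLE2_MAGIC):
        # OLE2 directory entry names are stored as UTF-16LE.
        return "_VBA_PROJECT".encode("utf-16-le") in data
    return False


def build_workbook(with_macros: bool) -> bytes:
    """Constructed sample: a minimal OOXML-style ZIP, optionally macro-enabled."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            zf.writestr("xl/vbaProject.bin", b"\x01\x16\x01\x00")  # dummy blob
    return buf.getvalue()


def triage(attachments: dict) -> list:
    """Return the names of attachments that should be held for analyst review."""
    return [name for name, data in attachments.items() if has_vba_project(data)]


if __name__ == "__main__":
    samples = {  # constructed attachments, not real samples
        "invoice.xlsm": build_workbook(with_macros=True),
        "report.xlsx": build_workbook(with_macros=False),
    }
    print(triage(samples))  # ['invoice.xlsm']
```

A flagged attachment is a candidate for sandbox detonation or manual review; the presence of a VBA project alone does not prove malice, so this belongs in a quarantine step rather than an automatic block.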

The malware is still evolving. Over the last five months it has developed four distinct variants, each dropping files under different names when executed. The attackers recently updated their Clayside delivery documents and the “Helminth” backdoor, indicating that a fresh wave of attacks is in the offing.

The phishing emails recently sent to some organisations in Qatar were highly convincing, with content relevant enough to fool even the most suspicious user. In fact, some of the emails appeared to originate from partner organisations that already had a relationship with the recipient.

The spread of such malware points to big gaps in security. Despite several initiatives taken over recent years, enterprises have a long way to go in keeping their networks safe. While preventing malware from infiltrating the network is practically impossible as of now, companies would do well to contain the threat by implementing strict access control for control systems and updating software promptly, so the malware cannot exploit known vulnerabilities in the system.