Yanbu University College

MIS203 – Case Study 4 & 5 [Assignment]

CS#             CLO     M.Marks   Marks Obtained
Case Study #4   S-2.2   1.5
Case Study #5   C-3.4   1.5
Total:                  3

ID: 4111371    Name: Bandar Ali Alamri

Q. Read the following case story and answer the questions given under Case Study #4 and #5.
[Do not answer by direct cut and paste. Paraphrase or rephrase answers in your own words.]

Cyber security vulnerabilities for oil & gas industry: Saudi Aramco case
(Source : https://safety4sea.com/cm-cyber-security-vulnerabilities-for-oil-gas-industry-saudi-aramco-case/)

Saudi Aramco suffered the worst hack in world history in 2012.

Following the Mirai, WannaCry and NotPetya attacks that caused substantial damage across many
sectors in the past, safeguarding the ONG sector has proved to be of foremost importance.
Specifically, a cyber-attack in the ONG sector may lead to plant shutdown, equipment damage,
undetected spills or violation of safety measures that may result in injuries and even death. After
several high-profile attacks, including the 2012 Saudi Aramco attack which unleashed a virus that
affected 30,000 workstations, ONG companies have established their own protocols and
prevention procedures.

CYBER SECURITY

On 15 August 2012, an employee of Saudi Aramco with privileged access opened a scam email (one of
those that pass through spam email every day). Evidence later led to the conclusion that this act was a
form of sabotage, as the release of the virus that affected the system was intentional. The self-replicating
virus infected as many as 35,000 of the company's Windows-based machines. In practice, the whole
computer-based system of the organisation was destroyed in a matter of hours.

Shamoon was identified as the virus that caused significant disruption to one of the world’s larger oil
producer. Its main function appeared to have been the indiscriminate deletion of data from computer
hard drives. Although this did not result in an oil spill, explosion or other major fault in operations of the
organisation, the attack affected the business processes resulting in the loss of some drilling and
production data. Saudi Aramco's computer technicians ripped cables out of the backs of computer
servers at data centers all over the world. Every office was physically unplugged from the Internet to
prevent the virus from spreading further.

Without access to the digital payment system, the company’s ability to supply 10% of the world with oil
was also wiped out and it had to stall the trucks waiting at its gates to take the oil away. The company was
sent back to the 1970s, as employees had to use typewriters and faxes in order to keep basic functions
operable.

While drilling and pumping of oil continued because it was automated, the business’s operational
capacity had to go offline to manage supplies, shipping and contracts. After 17 days, Saudi Aramco had
to start giving away oil for free to ensure supply within Saudi Arabia. The knock-on effect was a
constrained hard drive market as Saudi Aramco purchased 50,000 hard drives straight from factory
floors in Southeast Asia, at a higher price to cut queues. Five months later, with a newly secured
computer network and an expanded cybersecurity team, Saudi Aramco brought its system back online.
The hackers were never caught.

The attack on Saudi Aramco revealed some interesting findings in respect of cyber security:

• Cyber-attacks are difficult to predict.
• An attacker needs to find just one vulnerable access point to enter a system.
• Vulnerabilities of systems usually remain undetected.
• Attacks are usually anonymous and hard to locate.
• Low cyber security awareness among employees leads to cyber incidents that may prove
serious or catastrophic.
• The collapse of a computer-based system is rapid in relation to response actions. It only takes a few
minutes for an internet-based system or network to be affected.

Unfortunately, the lessons learned from the attack were not taken seriously into consideration, and in 2014
more than 50 Norwegian oil and energy organisations were hacked by unknown attackers, according to
government security authorities.

Shamoon also attacked RasGas in Qatar, only weeks after the Aramco cyber-attack. However, the
RasGas disturbance was negligible compared to the impact on Saudi Arabia, and hopefully it did not
affect the production of natural gas.

Case Study-04

Q1. What are Mirai, WannaCry and NotPetya? Search the internet to find their details and write a brief
note for each of them.

Answer:
Attacks like Mirai managed to hijack tens of thousands of IoT devices, such as DVRs and digital CCTV
cameras, using known device passwords installed by their manufacturers. These devices were then
aggregated and used as a weapon to take out a massive chunk of the Internet. More recently, Mirai’s
lesser-known malware cousin, known as Hajime, upped the ante by adding cross-platform functionality
(it currently supports five different platforms), a toolkit with automated tasks, updatable password lists,
and the use of thresholds to mimic human behavior in order to stay under the radar.

WannaCry pioneered a new sort of ransomware/worm hybrid, something Fortinet calls a ransom worm,
in order to use a Microsoft exploit created by the NSA and publicly released by a hacker group known as
the Shadow Brokers. Rather than the usual ransomware method of selecting a specific target,
WannaCry's worm functionality allowed it to spread rapidly across the globe, attacking thousands of
devices and organizations. While the potential was there, the damage was quickly curbed due to an
embedded kill switch.

However, while the 1988 worm was designed by an inquisitive grad student, NotPetya was the offspring
of stolen military-grade programming created by the U.S. National Security Agency (NSA) married with a
researcher's proof of concept used to demonstrate that residual password information resided in a
computer's memory.

Q2. Read page 274 of your textbook "Kenneth C. Laudon, Jane P. Laudon - Essentials of MIS (12th
Edition)-Pearson (2016)" available on e-learning and find out what malicious software is and how
it spreads.

Answer:

Malware is malicious software that destroys computer data and the operating system. It
often disguises itself as a harmless file to deceive the user. Once it’s installed, it replicates fast and infects the
other computers within the network. If malware on a computer remains undetected, it may lead to a
computer malfunction.
Malware spreads to a computer when you download or install infected software. It can also enter your
computer through an email or a link. Once malware enters the computer, it attaches itself to different
files and overwrites the data.
Some malware has to be executed before it’s activated, but some spreads immediately. As malware
travels within the network, it infects each computer it moves into.

Q3. a. What was the name of the malware used by the attackers of Aramco?
b. What happened to the attackers?
Answer:
Shamoon was identified as the virus that caused significant disruption to one of the world’s larger oil
producers. Its main function appeared to have been the indiscriminate deletion of data from computer
hard drives. Saudi Aramco's computer technicians ripped cables out of the backs of computer servers at
data centers all over the world.

Case Study-05

Q1. What was the impact of the cyber-attack on the business of Saudi Aramco?

Answer:
• Vulnerabilities of systems usually remain undetected.
• Attacks are usually anonymous and hard to locate.
• Low cyber security awareness among employees leads to cyber incidents that may prove
serious or catastrophic.
• The collapse of a computer-based system is rapid in relation to response actions. It only takes a few
minutes for an internet-based system or network to be affected.
• An attacker needs to find just one vulnerable access point to enter a system.
• Cyber-attacks are difficult to predict.

Q2. What did you learn about Cyber Security from the cyber-attacks on Saudi Aramco?
Answer:
Cyber security study programmes teach you how to protect computer operating systems, networks,
and data from cyber-attacks. You'll learn how to monitor systems and mitigate threats
when they happen.

Q3. Read page 287 of your textbook and draft a security policy for 'Saudi Aramco'.
(Choose any one of the two Q3)
Answer:

Or

Q3. What are the most important tools and technologies for safeguarding information resources?
(Page 289)
Answer:
To safeguard the information resources the most important tools and technologies used are:
• Digital certificates – Protect the user’s identity in electronic transactions by authenticating
the user’s identity.
• Intrusion detection systems – Monitor the private networks and provide access to the corporate
systems.
• Authentication techniques – Provide authentication by passwords, tokens, biometrics and smart cards.
• Antivirus and antispyware software – One checks the system for infections like viruses and worms and
deletes the malicious software, while the other fights intrusive and harmful spyware
programs.
• Encryption – Provides security for electronic transmissions over unprotected networks.
• Fault-tolerant computer systems – The use of such systems allows companies to ensure that
information is always available.
• Rigorous software and software metrics testing – Improves software quality
and reliability.
• Firewall – Prevents unauthorized users from accessing private networks or systems when connected
to the Internet.
