McAfee: Hackers Targeting Major Oil Companies

According to a recent report from security firm McAfee, Chinese cyber criminals have been leading coordinated and covert attacks on major Western energy companies since November 2009. McAfee, which has dubbed the cyber terrorism offensive 'Night Dragon', says oil and petrochemical firms have been affected.

Perhaps the most surprising finding in the report is that many of these major companies, which have not been named, do not appear to have had particularly robust defense measures in place.

"The attacks were not very sophisticated and did not use any zero-day exploits," noted McAfee Labs vice president of threat research, Dmitri Alperovitch. "They were, however, very successful, and information that [has] been [exfiltrated] has enormous potential value to competitors." (Source: eweek.com)

Hacking Campaign Used SQL Injection Attacks

It's suspected that the attacks, which have targeted both companies and individuals in Kazakhstan, Taiwan, Greece and the United States, originated in China -- specifically Beijing. It's leading to new concern about the threat posed by cyber criminals working in China; in fact, it wasn't long ago that Google was forced to shut down operations in China because of mounting cyber attacks against its email service there. (Source: thebusinessjournal.com)

According to McAfee, Night Dragon hackers used SQL injection attacks to bypass security on extranet web servers, allowing them to use spear-phishing attacks against a specific target's systems. Corporate VPN (virtual private network) accounts were also targeted.

"Once the initial system was compromised, the attackers compromised local administrator accounts and Active Directory administrator [and administrative user] accounts," McAfee said in its report.

Nature of Hacking Attempts Nothing New

"What's remarkable about the MO [modus operandi], is these are fairly standard techniques from Network Breach 101," added Invincea chief scientist, Anup Ghosh.

"Unfortunately this looks like another successful user-targeted attack through spear phishing from what appears to be nation-state actors who make it their day job to go after critical U.S. industry assets."

The Chinese government has continually distanced itself from such attacks. The issue thus turns to how the Western firms being attacked can convince that government to more actively pursue cyber criminals operating within its borders.