Saudi authorities said Monday that they had detected an “advanced” cyber-attack targeting the Kingdom, in an attempt by the hackers to disrupt government computers.
The government’s National Cyber Security Centre said that the attack involved the use of
“Powershell” malware, but did not comment on the source of the attack or precise the government bodies that were targeted.
This is not the first time that Saudi Arabia gets hit by a cyber-attack.
In January 24, 2017, Saudi Arabia’s Labor Ministry said that its Hadaf human resources development fund was hit by hackers who were attacking the Kingdom’s government agencies and companies.
The “Shamoon 2” Virus hit various government agencies and the private sector, Al Ekhbariya reported, citing cyber-security expert Hani Alzaid, who estimated that more than 15 state bodies and corporations were targeted.
In 2012, “Shamoon 2” Virus hit government networks, paralyzing tens and thousands of computers at Saudi oil firm Aramco.
The recurrent cyber-attacks against Saudi Arabia raise the question about the Kingdom’s preparedness against such incidents.
Is the Kingdom well prepared?
Science Daily, a science news website, reveals a study ranking the vulnerability of 44 nations to cyber-attacks.
It found that the United States ranked 11th safest, while several Scandinavian countries (Denmark, Norway and Finland) ranked the safest. China, India, Russia, Saudi Arabia and South Korea ranked among the most vulnerable countries.
Security Affairs, a site dedicated to security issues, reveals a study by Kaspersky Lab saying that Saudi Arabia is under a constant malware-based attack.
“The study found that 41 percent of the respondents questioned believe that their institutions need better tools to detect ‘persistent threats’ and deal with targeted attacks,” it said.
The Cyber Strategy and Policy Brief prepared in 2016 by Stefano Mele, an attorney in the Intelligence & Security Legal Department of Carnelutti Law Firm in Milan, says: “Despite hugely moving ahead with modernization and digitalization of its national infrastructures and relative procedures, Saudi Arabia still seems backward in its capacity to ensure high cyber security standards for its main strategic assets, turning out to be the main target of cyber attacks in the Middle East till now.”
But who could be taking advantage of Saudi Arabia’s cyber vulnerability?
According to Mele, the companies that examined the malware have highlighted its evident similarity with Shamoon, the malware probably used by Iran in 2012 to hit some Saudi companies active in the energy field – such as Saudi Aramco.
“Such a similarity in objectives and means, together with the constant diplomatic tensions between Saudi Arabia and Iran, have led most of the analysts to point at the Iranian government once again,” he said.
He added that the possibility that an attack was carried out by groups opposing the Saudi government might be likely as well.
“Such individuals might want to check abilities and highest capabilities of Saudi Arabia and its main public and private entities, so as to cause limited political and economic damages in the short term, and especially acquire valuable information for possible future warfare in and through the cyberspace,” he said.
It should be noted that Aramco IPO sale is not welcomed by many Saudis.
Prince Mohamed Bin Salman hopes to raise $100bn through the sale of Aramco IPO, through which Riyadh will try to narrow a fiscal deficit and counter the impact of low oil prices.
However, not all Saudis are supportive of this move.
According to the Financial Times, Saudis often liken Saudi Aramco, the Kingdom’s state oil company, to a fat cow or productive hen.
“Oil is regarded by many (Saudis) as a birthright: the foundation of national wealth and a guarantor of future generations’ wellbeing,” it said.
It quoted Othman al-Khowaiter, a former Saudi Aramco Vice-President, who is one of the few prominent voices to publicly criticise the IPO plan.
“Aramco is the hen that lays golden eggs,” he tweeted in March, describing privatisation as a tool best used when dealing with lossmaking enterprises. “It is unacceptable to compromise any part of it under any circumstances.”
The Financial Times quoted a Riyadh-based corporate lawyer as saying: “The majority of the people I know are against the sale”.
A 2016 study released by Fortune, a multinational business magazine, also reveals that if Saudi Aramco goes public, Saudi Arabia will face an enormous existential dilemma.
“The Saudi royal family’s total control of Arabia’s oil wealth is the root of all of its power, influence, and success. To loosen that grip, even a little, would be seen as weakness in the eyes of the Saud family’s (many) enemies and would diminish their legitimacy as the absolute rulers of Arabia, stewards of Mecca and Medina, and ultimate arbiters of price of oil,” it said.