Saudi Aramco Data Breach Sees 1 TB Stolen Data for Sale

Threat actors have stolen 1 TB of data belonging to Saudi Aramco and have posted it for sale on the dark web. Saudi Aramco is one of the largest employers in the oil industry and has an annual revenue of nearly $230 billion. The threat actors listed the data for sale on a dark web site for $5 million USD; for $50 million, the data can be purchased and wiped by the threat actors. Representatives from Saudi Aramco have stated that this was not a ransomware attack and that the organization’s operations have not been impacted. The data breach is believed to have occurred through a third-party contractor rather than direct exploitation of Aramco’s systems.

Analyst Notes

Cyber-criminals will continue to look for new avenues to attack organizations and steal valuable data. To protect against cyber-attacks, organizations should regularly back up data, and air-gap and password-protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides. Implement network segmentation. Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g., hard drive, storage device, the cloud). Install updates and patch operating systems, software, and firmware as soon as practical after they are released. Implement monitoring of security events on employee workstations and servers, with a 24/7 Security Operations Center to detect threats and respond quickly. Use multi-factor authentication where possible. Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts. Focus on cybersecurity awareness and training: regularly provide users with training on information security principles and techniques and on emerging cybersecurity risks and vulnerabilities.