Overview of Cyberattack on Saudi Organizations

Salem Alelyani, Harish Kumar


 The beginning of Twenty first century saw a new dimension of security, the cybersecurity. Developed countries have started exploiting the vulnerabilities of cybersecurity to gain supremacy and influence over the rival countries. Hence, over the past decade, malware, i.e., malicious software, has become a major security threat in regards to the cybersecurity. The Kingdom of Saudi Arabia (KSA) has become a major target of cyber conflicts due to increased economic activity, digital transformation, high rate of technology adoption between citizen and organizations and rise of the oil and gas industry. However, unfortunately, there is a lack of research or scientific investigation of cyberattacks on KSA. This fact motivated us in conducting this work. This paper presents, a case study of attacks on Saudi Organization by malwares. We concentrate on two particular malwares: Shamoon and Ransomware. The timeline of attacks by these malware, also presented, along with their structures and methodologies in order to shield ourselves against similar attacks in the future.

Full Text:



“Text: Obamas Remarks on Cyber-Security”. The New York Times. The New York Times. Internet: http://www.nytimes. com/2009/05/29/us/politics/29obama.text. html, 29 May 2009. [16 Sept. 2017].

Adebayo, Olawale Surajudeen, Mabayoje, Amit Mishra, Osho Oluwafemi. Malware Detection, Supportive Software Agents and Its Classification Schemes, International Journal of Network Security & Its Applications (IJNSA), Vol. 4, No. 6, November 2012

Marie Baezner, Patrice Robin Stuxnet Center for Security Studies (CSS), ETH Zrich, 2017 http://www.css.ethz.ch/content/dam/ethz/ specialinterest/gess/cis/center-for securities studies/pdfs/Cyber-Reports-2017- 04.pdf

Zetter, Kim. KASPERSKY FINDS NEW NATION-STATE ATTACKIN ITS OWN NETWORK The Wired. 06 Oct. 2015. Web. 02 Apr. 2018. www.wired.com/2015/06/ kaspersky-finds-new-nation-stateattack-network/

Terry Pattar. Cyber Attacks in the Middle East 29 July 2013. Web. 31 Dec. 2017. http:// thesigers.com/analysis/2013/7/29/cyber-attacks-in-themiddle-east.html.

Joanna Moubarak, Maroun Chamoun and Eric Filiol Comparative Study of Recent MEA Malware Phylogeny The 2nd International Conference on Computer and Communication Systems, 978-1-5386- 0539-4/17 IEEE, 2017.

Christopher Bronk & Eneken Tikk-Ringas. The Cyber Attack on Saudi Aramco, Survival, 55:2, 81-96, pp.33-49, ISSN: 0974-9330, 2013.

Zetter, K. The NSA Acknowledges What We All Feared: Iran. Learns From US Cyberattacks The Wired. 10 Feb 2015. Web. 31 Dec. 2017. https://www.wired. com/2015/02/nsaacknowledges-fearediran-learns-uscyberattacks/

Helman, Christopher. The World’s Biggest Oil Companies. Forbes, Forbes Magazine, 19 June 2013, Web. 31 Dec. 2017.

www.forbes.com/2010/07/09/worlds-biggest-oil-companies-businessenergy-big-oil. html6eb9c74f71d7.

A. H. Cordesman. Saudi Arabia: National Security in a Troubled Region Santa Barbara: ABC-CLIO, 2009.

Byron Acohido. Why the Shamoon virus looms as destructive threat, USA Today, 16 May 2013.

Raiu, Costin, Mohamad Amin Hasbini, Sergey Belov, and Sergey. Mineev. FROM SHAMOON TO STONEDRILL: Wipers Attacking Saudi Organizations and beyond, 06 Mar. 2017. Web. 14 Sept. 2017. https://securelist.com/from-shamoon-to-stonedrill/77725/

Double Trouble: A Pair of Wipers in Saudi Arabia Kaspersky Lab Blog. 6 Mar. 2017. Web. 06 Jan 2018. www.kaspersky.com/ blog/shamoonstonedrill/15170/.

Kaspersky Lab. FROM SHAMOON TO STONEDRILL - Wipers attacking Saudi organizations and beyond. 07 Mar. 2017. Web. 16 Sept. 2017. https://securelist.com/ files/2017/03/Report Shamoon StoneDrill final.pdf.

Pauli, Darren. Shamoon Malware Returns to Again Wipe Saudi-Owned Computers. The Register - Biting the Hand That Feeds IT, 2 Dec. 2016. Web. 20 Jan 2018. www. theregister.co.uk/2016/12/02/accused iranian disk wiper returns to destroy saudi orgs agencies/.

Ivanov, Anton, & Orkhan Mamedov. The Return of Mamba Ransomware Securelist - Information about Viruses, Hackers and Spam. N.p., 09 Aug. 2017. Web. 13 Sept. 2017. https://securelist.com/thereturn-of-mamba-ransomware/79403/

Symantec Security Response. The Shamoon Attacks. 16 Aug. 2012. Web. 14 Sept. 2017. https://www.symantec.com/connect/blogs/ shamoon-attacks.

Bluvector. What Is Destructive Malware? 31 July 2017. Web. 16 Sept. 2017. https://www. bluvector.io/what-is-destructive-malware/.

Gupta, Ankit Samas Changes the Way a Ransomware Operates. TWCN Tech News, 18 June 2016, Web. 10 Jan 2018. news. thewindowsclub.com/samas-ransomware-changes-wayransomware-operates-82755/.

The Return of Mamba Ransomware. 18 Aug. 2017, Web. 10 Jan 2018. www.csoonline.in/ feature/return-mamba-ransomware.

Kharraz A., Robertson W., Balzarotti D., Bilge L., Kirda E. Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks. In: Almgren M., Gulisano V., Maggi F. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA. Lecture Notes in Computer Science, vol 9148. Springer, Cham, 2015

Gregory Paul and Shaunak. Detailed Threat Analysis of Shamoon 2.0 Malware.05 Feb. 2017. Web. 14 Sept. 2017. http://www. vinransomware.com/blog/detailed-threat-analysis-ofshamoon-2-0-malware.

Codymercer. StoneDrill Shamoon Shamoon 2.0 Variant. [10]. NSFOCUS Threat Intelligence Portal. 13 Mar. 2017. Web. 16 Sept. 2017. https://nti.nsfocusglobal.com/ threatnewscategories/stonedrillshammon-shammon-2-0-variant/.

Shamoon 2: Back On the Prowl. NSFOCUS Threat


  • There are currently no refbacks.