It has just been disclosed that unidentified hackers, thought to be Iranian, hacked into and destroyed thousands of computers at six Saudi Arabian government agencies, including the General Authority of Civil Aviation. This attack echoes a 2012 cyberattack, also thought to be the work of Iranian hackers, that wreaked havoc on the Saudi state oil company Saudi Aramco; in fact, both attacks used the same malware, called Shamoon. The malware was installed using passwords that appear to have been obtained through spear phishing emails. This escalation of cyberwarfare is indeed troubling.
It is well established that the infrastructure of the United States, including banks and a dam in New York, was targeted by Iranian hackers in recent years. The lesson for governments, companies and individuals from this latest Saudi hacking is clear: much greater attention has to be given to cybersecurity. The fact that the same Shamoon malware used in 2012 could be used effectively again is an indictment of the Saudis' failure to implement updated security software that might have thwarted this attack. Further, as we have seen time after time, the malware appears to have been downloaded through simple spear phishing in which a Saudi employee clicked on an infected link. Better anti-phishing analytics security software should have been used, and the employees should have been better trained to avoid clicking on links in emails unless those links have been confirmed to be legitimate. There are other steps that can and should be taken as well, but these two are the best and easiest to implement.