The hack was revealed by Norway’s prevention unit for serious hack attacks, the National Security Authority Norway (Nasjonal Sikkerhetsmyndighet – NSM), who were tipped off by ‘international contacts’.
Hans Christian Pretorius, director of the operative division of NSM, told newspaper Dagens Næringsliv (DN), “This is the largest warning we have ever carried out.”
Although Norwegian companies have been under attack before, this is thought to be more serious. The attack has been described as ‘spearphishing’, a common tool in industrial espionage. The attacks on Norwegian’s major oil companies are thought to have originated via emails sent to key personnel, made to look like legitimate emails. If opened, a destructive program is downloaded onto the person’s machine, allowing the hacker to access sensitive information.
Statoil, the state-controlled oil company and one of Norway’s largest, has confirmed that it is among the companies warned that they are under attack by NSM. They are now checking their systems.
All businesses rely on email for every-day dealings with customers, colleagues, partners and suppliers; it is a vital communication channel. But while it is seen as an invaluable form of communication, it also represents a potential threat to information security. It is essential for organisations to have an effective email security policy in place. For further guidance on securing email as a channel by which you communicate with your stakeholders, take a look at E-mail Security: A Pocket Guide.