據(jù)油價(jià)網(wǎng)2022年9月13日?qǐng)?bào)道，全球最大石油公司沙特阿拉伯國(guó)家石油公司（沙特阿美）總裁兼首席執(zhí)行官阿明·納賽爾周二表示，網(wǎng)絡(luò)攻擊是該公司目前面臨的最大風(fēng)險(xiǎn)之一。

納賽爾在利雅得舉行的2022年全球人工智能峰會(huì)上表示：“網(wǎng)絡(luò)攻擊是我們沙特阿美面臨的最大風(fēng)險(xiǎn)之一，它與自然災(zāi)害或?qū)嶓w攻擊一樣。”

納賽爾補(bǔ)充說，“但盡管這些攻擊在規(guī)模和嚴(yán)重性上都在增長(zhǎng)，人工智能正在幫助我們抵御一些威脅。因此，我們的努力不應(yīng)只專注于提高效率或深入了解客戶，還應(yīng)關(guān)注安全和彈性。”

近幾年來，沙特阿美自身也遭受了數(shù)次網(wǎng)絡(luò)攻擊，其中最臭名昭著的是2012年的Shamoon惡意軟件，該軟件摧毀了這家沙特石油巨頭的所有電腦。網(wǎng)絡(luò)安全專家警告稱，2018年，Shamoon惡意軟件的一個(gè)變種重新出現(xiàn)。 

去年，沙特阿美在一起數(shù)據(jù)泄露事件中成為目標(biāo)，并被索要5000萬美元的加密貨幣贖金。去年7月，這家世界上最大的石油公司告訴美聯(lián)社，沙特阿美最近意識(shí)到“第三方承包商間接泄露了有限數(shù)量的公司數(shù)據(jù)。一周前，BleepingComputer報(bào)道稱，沙特阿美公司遭遇數(shù)據(jù)泄露，網(wǎng)絡(luò)攻擊者竊取了該公司1萬億字節(jié)的專有數(shù)據(jù)，并在暗網(wǎng)上出售。” 

不僅僅是沙特阿美將網(wǎng)絡(luò)攻擊列為最大風(fēng)險(xiǎn)之一。 

根據(jù)網(wǎng)絡(luò)風(fēng)險(xiǎn)評(píng)級(jí)和監(jiān)測(cè)公司BreakchBits今年8月的一項(xiàng)研究，大多數(shù)美國(guó)油氣公司都面臨網(wǎng)絡(luò)攻擊的風(fēng)險(xiǎn)。該研究將59%的公司在網(wǎng)絡(luò)攻擊方面處于中等風(fēng)險(xiǎn)，13%處于低等風(fēng)險(xiǎn)，28%處于極低風(fēng)險(xiǎn)。 

BreachBits首席執(zhí)行官兼聯(lián)合創(chuàng)始人約翰·朗格倫上個(gè)月表示：“11%的公司存在潛在的嚴(yán)重、高風(fēng)險(xiǎn)威脅。我們大規(guī)模地識(shí)別和監(jiān)控網(wǎng)絡(luò)風(fēng)險(xiǎn)，發(fā)現(xiàn)問題，然后測(cè)試它們，就像黑客為客戶做的那樣。”

李峻 編譯自 油價(jià)網(wǎng)

原文如下： 

Cyberattacks Are A Major Risk For The World’s Largest Oil Company

Cyberattacks are among the greatest risks Saudi Aramco faces these days, Amin Nasser, president and chief executive officer at the world’s biggest oil firm, said on Tuesday.

“Cyberattacks are one of the top risks we face at Aramco – on a par with natural disasters or physical attacks,” Nasser told the Global AI Summit 2022 in Riyadh.

“But while these attacks are growing in scale and severity, AI is helping fend off some of the threat. So our efforts should not only focus on greater efficiency or deeper customer insights, but also on security and resilience,” Saudi Aramco’s top executive added.  

Aramco itself has been subject to several cyber attacks in recent years, the most notorious being the 2012 Shamoon malware that wiped out every computer at the Saudi oil firm. In 2018, a variant of the Shamoon malware resurfaced, cybersecurity experts warned at the time.

Last year, Aramco was targeted in a data leak that was the subject of a ransom demand of $50 million in cryptocurrency. In July last year, the world’s largest oil firm told The Associated Press that it “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors.” A week earlier, BleepingComputer reported that Saudi Aramco had suffered a data breach in which cyber attackers had stolen 1 terabyte of proprietary data of Saudi Arabia’s oil giant and are selling it on the dark web.

It’s not only Saudi Aramco that has identified cyber threats as one of the top risks.

According to an August 2022 study by cyber risk rating and monitoring company BreachBits, most U.S. oil and gas firms are exposed to the risks of a cyber breach. The study ranked 59% of companies at Medium Risk for a cyber breach, 13% at Low Risk, and 28% at Very Low Risk.

“11% of the companies presented potentially serious, High-Risk threats. We identify and monitor cyber risks at scale as we did here, detect issues and then test them just as a hacker would for our customers,” BreachBits CEO and Co-Founder John Lundgren said last month.