I think Saudi Aramco was hacked a few years back too.

Having worked at a major oil company, it doesn’t surprise me that these things happen. It’s not that anybody is particularly unintelligent, moreso that large sometimes sleepy companies have lots of vulnerable points in IT.

I’m sure the same could be said for a host of other corporations, tech, finance, and defense aside.

The Aramco hack is discussed in Paul's Security Weekly episode 498:

https://wiki.securityweekly.com/Episode498

Man that is an amazing website / series of podcasts (not just the Security Weekly one, but their others also).

I'm submitting https://wiki.securityweekly.com/Security_Weekly as it's own post on HN because this is news to me. It's so broad and deep! Just when I was out of podcasts.

If you enjoyed that one, check out Risky Business as well https://risky.biz/

Why do these companies not have dedicated red teams?

Because if you don't know tech, you can't hire for tech. Or won't, because "it's just a cost" (see: Sony).

And if the person you've hired to manage the tech doesn't really know tech...you get this.

They probably do, still vulnerable

Daily reminder you need isolated, tested back-ups! Sure, you might not be able to recover all data but having no back-ups versus losing data in an x timeframe makes a big difference.

Sounds like a job for Normal man: https://www.propublica.org/article/the-ransomware-superhero-...

Potential new revenue source for the cartels.

Hacking or running an oil company?

(both are basically black hat enterprises these days)

When life imitates art. Wasn't this literally the plot to the Hackers movie? Complete with the 5 million dollar ransom to an oil company...

In that movie the villain was also the tech-guru for the security company selling to the energy company.

Only Zero Cool can save us from The Plague! Hack the planet!!!

Hack The Planet!!!

> Wasn't this literally the plot to the Hackers movie?

Except it was an inside job.

Who says this isn’t? Maybe someone should hack the Gibson and find out?