The rise of overseas cyber-threats like OilRig—and how Nyotron can help

Blog by: Mark Wainwright, Enterprise Security Solutions, Adept4 - 25-Jun-2018

You can’t tune into the news these days without seeing or hearing about another contentious cyber-incident. Whether it’s social media giant Facebook facing the heat over sharing of user data or the latest cyber-attack on organisational infrastructure, it’s clear we live in an increasingly dangerous digital world.

No wonder, then, that cyber incidents once again top the list of concerns of UK businesses, according to the Allianz Risk Barometer 2018.

But while our attention might currently be focused on larger stories involving the US, Russia and China, it’s becoming clear that Iran is also a key player in the game—especially with OilRig. 

Find out more about Managed Security from Adept4

What – or who – is OilRig?

Iran’s hacking organisations have flown under the radar of late, which is understandable considering the bigger hacking scandals in the past couple of years. But these small, opportunistic groups—often thought to be sponsored by the Iranian government (according to intelligence firms)—are becoming increasingly good at infiltrating organisations with lax security processes and/or IT providers.

OilRig is one such group and has been around for the last three years, which is significant considering other groups might have peaked and fallen by the wayside in that time, once they’ve been discovered. Yet the most concerning aspect of this organisation is their different approach to targeting, which means most private businesses should start taking the threat seriously.

Why private businesses need to protect themselves

Traditionally, Iranian hacking organisations have often gone after a very limited range of targets (usually foreign government agencies or domestic dissidents). However, OilRig is breaking the mould by focussing more on private industry overseas.

It’s suggested that this group represents a change in tack for the Iranian cyber strategy as a whole, moving away from more destructive attacks to infiltrating and monitoring. And OilRig is certainly proving adept at breaching private targets, as well as sloppy IT service providers (and from them into their clients).


Forbes recently revealed how a small, unassuming tech firm in America, AI Squared, became the first private business in that country to have been targeted by OilRig—who ended up stealing the company’s certificates and using them to hide malware. This then helped make OilRig’s surveillance tools appear legitimate to the security systems of other targets.

AI Squared certainly aren’t alone, however, as many other private companies—both large and small—have also fallen victim to OilRig’s attacks since. In fact, intelligence firms believe that the group have been able to take control of several email accounts across multiple organisations to help them expand their phishing campaigns around the world.   

How Nyotron’s ‘Paranoid’ is designed to help against new threats

Keeping up to speed with the latest threats has always been the biggest challenge of digital security. Threat types change constantly and it is often only a matter of time before something more sophisticated than the security has been designed to withstand breaks through. Which is why we advocate for a defence-in-depth approach to protecting the digital assets of your business, because it ensures a multi-layered security system that makes it as hard as possible for attacks to breach.

However, a new approach by Nyotron with their ‘Paranoid’ solution, takes things in a completely new direction. They’ve done this by moving away from threat identification and instead have been mapping legitimate operating system actions with the aim of recognising and stopping illegitimate actions in the ‘damage stage’, where the file deletion, malicious encryption (etc.) takes place. This is an ingenious approach, because the damage stage is entirely consistent and makes for a far easier identification and prevention of dangerous actions, rather than trying to consistently stay ahead of ever-changing threats and prevent them getting access.

So, while cyber threats are increasing and becoming more varied, and new, dangerous groups like OilRig are rising to the forefront of attacks on private businesses around the world, adding something like Paranoid to your current anti-virus system can help create the perfect in-depth security solution for companies who want protection both now and in the future, wherever the threat may come from.

Want to know more about Nyotron’s Paranoid and how it can help your business stay protected against increasing digital threats in 2018? Get in touch and we’ll be happy to guide you in the right direction. 


Topics: MSSP, Managed Security Services, Nyotron, OilRig

Sign up to our blog