Forgot your password?
typodupeerror
Security IT

Destructive Shamoon Malware Targets Energy Sector 34

Posted by Soulskill
from the tilting-at-windmills dept.
An anonymous reader writes "A new spear-phishing attack targeting a number of specific companies in a few industries, including the energy sector, has been spotted by several security companies. Dubbed 'Shamoon' due to a string of a folder name within the malware executable, the attack ends up with delivering destructive malware on the targeted computers that ends up making them unusable. The interesting part of this malware is that instead of staying under the radar and collecting information, the malware was designed to overwrite and wipe the files and the master boot record of the computer."
This discussion has been archived. No new comments can be posted.

Destructive Shamoon Malware Targets Energy Sector

Comments Filter:
  • And so it begins... (Score:3, Interesting)

    by noh8rz7 (2706405) on Friday August 17, 2012 @02:20PM (#41027041)
    We're moving from cyber espnage to cyber sabotage. The summary doesn't say what countries Re targeted, but it will be interesting to see if this is government sponsored against the middle east, government (china) sponsored against US, or private malicious. A brave new world!
    • by daveschroeder (516195) * on Friday August 17, 2012 @02:26PM (#41027167)

      And that's a huge problem with cyber: attribution. Even if an attack appears to be coming from a particular source, that doesn't mean it originated from and/or was ordered by that source. In fact, intentional misattribution or denial of attribution is yet another element of cyber operations. From a US perspective, we still don't have a comprehensive set of rules of engagement for cyber, or even really have consistent, well-understood definitions for what constitutes "cyber war" (though there's certainly a lot of hype...)

      Some relevant recent articles:

      ---

      Cyber Command struggles to define its place on a shifting battlefield - Nextgov

      The U.S. Cyber Command, which directs network offensive operations for the Pentagon and protects its networks, is becoming more open about the military’s capabilities in cyberspace. Recently, the Defense Department was forced to show part of its hand when leaks surfaced about U.S.-manufactured cyber weapons and cyber espionage missions. Still, since 2011, the department has told the world it stands prepared to protect U.S. national security interests through cyberspace maneuvers.

      http://www.nextgov.com/cybersecurity/2012/08/hacker-wars/57438/ [nextgov.com]

      ---

      Confusion Reigns In Cyber Planning - AVIATION WEEK

      Pentagon warfighters have for years been asking for a cybercombat policy, rules of engagement, funding and a less-fragmented chain of authority. But those needs remain unfulfilled as bureaucrats, lawmakers and top Defense Department civilian officials thrash about in a pit of indecision while an international complex of digital threats continues to emerge.

      http://www.aviationweek.com/Article.aspx?id=%2Farticle-xml%2FDT_05_01_2012_p38-444018.xml&guid=74908 [aviationweek.com]

      ---

      'Turf War' Slows New U.S. Cyber Rules - Defense News

      Despite the ongoing concern about the escalating pace of cyber attacks, a new set of standing rules of engagement for cyber operations — policy guidelines that would specify how the Pentagon would respond to different types of cyber attacks — is being delayed by a debate over the role of the U.S. military in defending non-military networks, sources said.

      http://www.defensenews.com/article/20120507/C4ISR01/305070015/-8216-Turf-War-8217-Slows-New-U-S-Cyber-Rules [defensenews.com]

      ---

      Pentagon revamps rules of engagement for cyberwar - The Hill

      The Pentagon is rewriting the book on how it defends against and possibly responds to cyberattacks against the United States, the top uniformed officer in charge of the effort told Congress on Tuesday.

      http://thehill.com/blogs/defcon-hill/policy-and-strategy/218435-pentagon-revamps-rules-of-engagement-for-cyberwar [thehill.com]

      • by jeffmeden (135043)

        And that's a huge problem with cyber: attribution. Even if an attack appears to be coming from a particular source, that doesn't mean it originated from and/or was ordered by that source. In fact, intentional misattribution or denial of attribution is yet another element of cyber operations. From a US perspective, we still don't have a comprehensive set of rules of engagement for cyber, or even really have consistent, well-understood definitions for what constitutes "cyber war" (though there's certainly a lot of hype...)

        Attribution is a problem, but it certainly isn't a new one. The King got poisoned? Well hell, it could have been spies from any one of our enemies! Or even an ally that wanted us to hate our enemies more! Or even a friend that wanted us to turn on an ally! To the horses! Avenge the King!

        But seriously, covert and clandestine operations have been around basically since the beginning of state conflict. "Cyber war" is scary, and some threats are justified, but acting like this is a brave new world real

  • by sinij (911942) on Friday August 17, 2012 @02:22PM (#41027077) Journal
    At the risk of giving them more ideas, wouldn't it be simpler to uninstall and erase all traces? Maybe also defrag hard disk on the way out. Corrupted PCs are all but guaranteed to attract attention of IT, who have much greater chance to detect intrusion than your average user.
    • by gmuslera (3436)
      Maybe by the time you attracted their attention they already did their (visible, like a device malfunction) job, and want to not leave traces of what they exactly did exactly to trigger that problem.
    • by Baloroth (2370816)

      The point is probably to cause mayhem by corrupting the systems. It may be targeted, but it doesn't look nearly as targeted as Flame was. It sounds like they just want to cause wanton destruction and chaos by disrupting the target's computer systems, which in some cases is as effective as any subtle attack.

  • My guess; A security guy in the energy industry got bored of his manager refusing to pay for anything other than audits saying "your security is great". This is his way of getting some action. A hero perhaps? If so I hope he knows how not to get caught...

    Alternatively, an unsubtle message from the Iranians to the effect of "you have more to lose than we do"?

  • by logicassasin (318009) on Friday August 17, 2012 @02:36PM (#41027333)

    reminds me of the late 80's and 90's where malware typically deleted your files and otherwise screwed up your computer.

    We have come full circle.

    • by couchslug (175151)

      Too bad it is less common now. That would FORCE people to take better security measures they will refuse to do otherwise.

  • by Anonymous Coward

    "instead of staying under the radar and collecting information, the malware was designed to overwrite and wipe the files and the master boot record of the computer."

    In other words, a return to the classic viruses of the late 80's and 90's. It's been years since I've seen any virus that does anything more than remotely spy/lurk or disrupt internet connectivity.

    • by rtb61 (674572)

      The reality is they are not all that destructive unless you can sneak them onto a computer manufacturer. Those viruses became futile because of course they inherently destroy themselves and spread is very limited. Usually they are left behind after a system has been cracked to cover up the trail. Of course they could also be used to hide other things being done ie computer crashes, get repaired, the blatant virus cleaned off and everyone thinks they are safe but they have actually missed a critical back do

  • by tekrat (242117) on Friday August 17, 2012 @03:00PM (#41027733) Homepage Journal

    It may have a virus on it.

    I remember trying to get users at a local Amiga user group to dial in to my BBS, and many of them said at the time "No, I don't connect to a BBS 'cause I might get a virus".

    I bet those same people were the first ones on the internet however, and are still running their Windows 2000 PC connected directly to the cable modem...

    Ah, the good old days, when Virii were destructive. But now, with 500GB HD's being the norm, they get to be even MORE destructive. I mean, loosing a floppy with at most 800k of data on it was one thing, but a 500GB HD? Yowza, I can't wait to hear the screams.

  • Which ones?
    It seems to be targeted against specific companies. There's a rumor that Saudi Aramco is one of them.
    The set of target companies should give us a very good idea of the purpose. Economic? Political?

    • by tomhath (637240)
      According to the linked article (which apparently you didn't read): "The researchers have not said which company has been the target of Shamoon attacks, but it is widely speculated that it could be Saudi Aramco"
  • The 80's called. They want their viruses back.

"It is better to have tried and failed than to have failed to try, but the result's the same." - Mike Dennison

Working...