Satoshi Nakamoto Blog
Image default
Cyber cybersecurity Malware Middle East NEWS Security Shamoon The-Latest

New version of infamous Shamoon malware targets oil and gas industry

A new version of Shamoon, a form of malware that infamously caused damage to Saudi Aramco, Saudi Arabia’s largest oil producer in 2012, has been used in new attacks in the Middle East.

The new Shamoon attack was reported Thursday to have been detected on the network of Italian oil and gas contractor Saipem, where it destroyed files on about 10 percent of the company’s personal computers, primarily in the Middle East but also in Italy and Scotland.

A second attack at around the same time was later reported to have targeted a heavy-engineering company in the U.A.E.

Shamoon is different from regular malware attacks in that it does not attempt to steal information or ask for a ransom payment. Instead, it simply deletes data, causing chaos on every network it manages to infiltrate.

Mounir Hahad, head of the Juniper Threat Labs, told SiliconANGLE that the new version of the Shamoon “packs the same punch as previous attacks,” but was made more difficult to study because this time, no sign of the intended victim is present in the malware.

“This variation will render any system it infects unusable by overwriting a key hard drive section called the Master Boot Record with random data,” Hahad explained. “Unlike the previous variant, this one does not attempt to spread, which leads us to believe that the attack vector and the method of infecting more systems is yet to be discovered.”

Thomas Richards, associate principal consultant at Synopsys Inc., noted that the initial entry point is telling.

“With the recent releases of breaches involving passwords, it is a possibility that an employee used the same password in multiple locations which led to the attacker’s ability to compromise Saipem,” Richards said. “The Shamoon attack could also be predicated by a phishing campaign or other credential compromising event. This attack is most likely perpetrated by an advanced threat actor who was specifically targeting Saipem.”

Richards advised employers to state in their password policies that employees shouldn’t reuse corporate passwords on other systems. “Additionally, if an employee receives a suspicious email they should report it to their IT security group immediately,” he added.

Photo: Divulgação Petrobras/Wikimedia Commons

Since you’re here …

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.

The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

Source link

Related posts

Bear still in the driving seat as cryptocurrency struggles to climb |


Rivian Details Plans to Build Electric Pickup Truck And SUV


New iPhone Models May Come With Faster Chargers Right Out Of The Box


Bitcoin “Creator” Craig Wright Fails To Impress In Court


Newest iPad Pro 2018 is Now Only $650


Investors May Consider Encrypcurrency If ICO’s Fail To Deliver Results In 2019