Saturday, August 18, 2012
Saudi energy industry attacked by malware Shamoon
The attack nicknamed Shamoon is reported to have already hit "at least one organisation" in the energy sector. Shamoon can wipe files and make several computers on a network unusable. The Saudi national oil company reported it had problems and that its network had to be taken offline. However, the company, Saudi Aramco, did not directly link its problems to Shamoon but it did admit that it had suffered a sudden disruption in its computer operations.
The company did, however, issue a statement saying that the problems were "suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network." The statement also claimed that the disruption had no effect at all on operations.
The security firm Symantec reports: "It [Shamoon] is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable." The malware attacks a computer through the internet and then spreads to other computers on the local network, even though they themselves may not be connected to the internet. The list of wiped files is sent back to the originally infected computer and then to the attacker's command and control center. The article does not say whether the contents are sent too or just the list. Wiped files are replaced by images, which obstructs attempts to recover the files.
The Israeli-based security firm Seculert said that the code has unusual characteristics: "The interesting part of this malware is that instead of staying under the radar and collect information, the malware was designed to overwrite and wipe the files... Why would someone wipe files in a targeted attack and make the machine unusable?" Perhaps they wanted to sabotage the computers as well as destroy the files.
A number of cyber attacks have been employed against industries of late. The best known is the Stuxnet virus, which attacked Iran's nuclear operations, making centrifuges act erratically. Some viruses have been designed to infiltrate networks and steal data. For more, see this article.