The Shamoon Malware: Looking Back and Seeing What’s Ahead

Filed under Industry News.


Nine months ago, Seculert’s Advanced Threat Protection platform discovered Shamoon: a new malware that was designed to attack Aramco, the Saudi Arabian national oil and natural gas company. In its wake, the Shamoon malware destroyed data on about 30,000 of Aramco’s computers and servers, and inflicted a massive amount of damage and chaos that is still reverberating today.

Late last week, USA Today’s CyberTruth column interviewed ForeScout Technologies’ CEO Gord Boyce, and asked him to reflect upon Shamoon’s legacy to date — and suggest what the future may hold, especially now that the U.S. Department of Homeland Security’s National Cyber Security Division has alerted IT organizations to put systems in place to detect and thwart the spread of Shamoon and other similar malware.

In the interview, Boyce pointed out that what made Shamoon so shocking was how overt it was. Unlike most other forms of malware and APTs, which are designed to hide behind the scenes and go undetected for months or even years, Shamoon was violent and visible. The shockingly aggressive nature of the attack was, itself, part of the attack.

Boyce further added that the adversaries behind Shamoon are likely still active, and, given that computer forensic experts concluded that Shamoon wasn’t a particularly complicated malware, copycats are both possible and likely.

Most insightfully, however, Boyce highlighted an essential point that should be heeded by governments and organizations the world over: traditional antivirus systems and perimeter defenses like firewalls and intrusion prevention cannot prevent 100% of fast-spreading malware like Shamoon, which is designed to spread internally once it is inside the network.

According to an even more recent New York Times article, US government officials have tracked attacks back to Iran, and noted that they are especially targeting energy firms — a development that prompted ICS-CERT, the government agency that monitors cyber attacks on networks and systems that run industrial processes, to warn that it was “highly concerned about hostility against critical infrastructure organizations.”

The fact that Shamoon was a two-stage attack also highlights just how persistent it is. If companies learn to share their threat information with one another, they will be in a much better position to detect future attacks from Shamoon and other APTs.

________________________________________________________________________

Sign up for Seculert’s free Advanced Threat Protection solution to check whether your network is infected by Shamoon or other advanced malware.



Creative Commons photo courtesy of jemimus’s Flickr photostream
