There have been a handful of wiper malware attacks in the wild in the last decade with Shamoon’s destruction of more than 35,000 workstations at Saudi Aramco in 2012 and the Dark Seoul attacks on Sony Pictures Entertainment the most high profile. Chris Doman, Security Researcher at AlienVault commented below.
Chris Doman, Security Researcher at AlienVault:
“Kaspersky suggest in their report that the Stonedrill attackers may be linked to a group known as Newscaster – previously seen targeting the US military. There have been reports they are located within Iran, as are the Shamoon attackers. Whilst Shamoon and Stonedrill may share common targets and even resources, this is part of a wider proliferation of ideas.
Back in 2012 the Iranian Oil Ministry was attacked in one of the first destructive attacks. It wasn’t long after that similar attacks were being executed by Shamoon in the other direction. Perhaps they were shown the benefit of this style of destructive attack. These in turn were followed by another group of attackers targeting Sony and South Korean banks in destructive attacks. And now we have Stonedrill to watch out for too.
It’s novel that the new Shamoon attacks include a ransomware component. If you’re going to target an enemy – why not drain their resources and make some funds for yourself whilst you do it?
US-CERT provide good advice in mitigating these kinds of attacks. A solid detection and back-up strategy is key. Many of these attacks involve a worm component that look for weak passwords on a network, and can be identified using centralised reporting of failed logins.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
“First of all, it should be praised that Ferrari have…
These findings aren’t very surprising given that unpatched zero-days provide…
These figures from Mandiant highlight how attackers are continuing to…
Just one week after the Zoll Medical data breach that…
Independent Living Systems (ILS), a Miami-based healthcare software firm providing…