UPDATED 21:44 EST / DECEMBER 13 2018


New version of infamous Shamoon malware targets oil and gas industry

A new version of Shamoon, the malware that infamously caused damage to Saudi Aramco, Saudi Arabia’s largest oil producer, in 2012, has been used in new attacks in the Middle East.

The new Shamoon attack was reported Thursday to have been detected on the network of Italian oil and gas contractor Saipem, where it destroyed files on about 10 percent of the company’s personal computers, primarily in the Middle East but also in Italy and Scotland.

A second attack at around the same time was later reported to have targeted a heavy-engineering company in the U.A.E.

Shamoon is different from regular malware attacks in that it does not attempt to steal information or ask for a ransom payment. Instead, it simply deletes data, causing chaos on every network it manages to infiltrate.

Mounir Hahad, head of Juniper Threat Labs, told SiliconANGLE that the new version of Shamoon “packs the same punch as previous attacks,” but was made more difficult to study because this time no sign of the intended victim is present in the malware.

“This variation will render any system it infects unusable by overwriting a key hard drive section called the Master Boot Record with random data,” Hahad explained. “Unlike the previous variant, this one does not attempt to spread, which leads us to believe that the attack vector and the method of infecting more systems is yet to be discovered.”
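The MBR overwrite Hahad describes leaves a recognizable forensic trace: the 512-byte sector loses its 0x55AA boot signature and its four partition entries, and the boot-code region looks like random data. The following added example (not from the article, Juniper or Saipem) checks a captured MBR image for those signs; the sample images, the 7.0 bits/byte entropy threshold and the field names are the author's own constructed assumptions.

```python
"""Sanity-check a 512-byte MBR image for signs of a random-data overwrite (added example)."""
import math
import random
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"      # last two bytes of a valid MBR
PART_TABLE_OFFSET = 446           # four 16-byte partition entries follow the boot code
ENTROPY_THRESHOLD = 7.0           # assumed heuristic; real boot code is well below 8 bits/byte

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; near 8.0 means the bytes look uniformly random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_partition_entries(mbr: bytes) -> list:
    """Return status, type, start LBA and sector count for each of the 4 entries."""
    entries = []
    for i in range(4):
        status, ptype, lba, sectors = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFFSET + 16 * i)
        entries.append({"status": status, "type": ptype, "lba_start": lba, "sectors": sectors})
    return entries

def assess_mbr(mbr: bytes) -> dict:
    """Collect findings; any finding makes the sector 'suspicious', none makes it 'plausible'."""
    findings = []
    if len(mbr) != MBR_SIZE:
        findings.append(f"unexpected size {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    for i, e in enumerate(parse_partition_entries(mbr)):
        if e["status"] not in (0x00, 0x80):       # only 'inactive' or 'bootable' are legal
            findings.append(f"partition {i}: invalid status byte 0x{e['status']:02x}")
    ent = shannon_entropy(mbr[:PART_TABLE_OFFSET])
    if ent > ENTROPY_THRESHOLD:
        findings.append(f"boot code entropy {ent:.2f} bits/byte looks like random data")
    return {"entropy": round(ent, 2), "findings": findings,
            "verdict": "suspicious" if findings else "plausible"}

def make_sample_mbr() -> bytes:
    """Constructed healthy MBR: repetitive boot code, one bootable NTFS-type partition."""
    boot_code = (b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" * 56)[:PART_TABLE_OFFSET]
    table = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800) + bytes(48)
    return boot_code + table + BOOT_SIGNATURE

def make_wiped_mbr() -> bytes:
    """Constructed wiped MBR: 512 seeded pseudo-random bytes standing in for the overwrite."""
    rng = random.Random(1234)
    return bytes(rng.getrandbits(8) for _ in range(MBR_SIZE))
```

The same function can be run over a sector dumped from a disk image (for example the first 512 bytes read from a raw image file) to triage which hosts were hit.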

Thomas Richards, associate principal consultant at Synopsys Inc., noted that the initial entry point is telling.

“With the recent releases of breaches involving passwords, it is a possibility that an employee used the same password in multiple locations which led to the attacker’s ability to compromise Saipem,” Richards said. “The Shamoon attack could also be predicated by a phishing campaign or other credential compromising event. This attack is most likely perpetrated by an advanced threat actor who was specifically targeting Saipem.”

Richards advised employers to state in their password policies that employees shouldn’t reuse corporate passwords on other systems. “Additionally, if an employee receives a suspicious email they should report it to their IT security group immediately,” he added.

Photo: Divulgação Petrobras/Wikimedia Commons
