Shamoon, malware that threatens the energy sector
For some time are repeated in the news media related to the various attacks of malware that have been Iran’s nuclear facilities (the latter with an interesting taste in music ). malware like Stuxnet or Flame have emerged as a powerful weapon with which spying, sabotage and aimed at countries like the U.S. or Israel as “developers” key. However, this show of force cyber begins to be increasingly evident as many attacks have been detected malware on computers not only in Iran but in Egypt, Syria, Israel, Sudan, Lebanon and Saudi Arabia and all with a common link : are computers linked to the Energy sector and, depending on the activity of recent days, there is a new malware set to wreak havoc in the sector: Shamoon .
Banking systems, hospitals, signaling overhead, rail traffic systems or distribution of electricity are examples of systems that are controlled by computer networks and, therefore, are part of what many called governments and critical infrastructure in the they are investing great effort (although come a little late) to ensure continuity and preserve their good performance in case of any cyberattack.
Seeing the attack activity being detected, it is quite logical concern that according to several security firms ( Symantec or Kaspersky Labs ) has found a new type of malware known as Shamoon is causing havoc on Windows systems of energy facilities and uses a JPEG image to get to overwrite files on the infected system’s hard drive, specifically, s obrescribe the master boot record ( MBR ) partition table and making it impossible for the infected machine can boot or data can be recovered (a rather significant detail that has not been seen). In addition to the destruction of information, Shamoon sends information on the number of files you have destroyed and the infected computer’s IP address.
According to Symantec, the evidence found suggests that Shamoon is being used in a directed and focused in the energy sector and, apparently, last weekend Saudi Aramco (an oil company of Saudi Arabia) have also been victim of this malware .
What is the origin of Shamoon? This detail is not yet known and now all that is known are data on the spread, which is focusing on the Middle East and would have affected about 50 systems, a number that is perhaps something low but it is still a matter sector companies should follow closely.Tags: cyber, Energy, malware, security, Shamoon