Slashdot Mirror


Data-Wiping Malware Shamoon Destroys Files At Italian Oil and Gas Company; Other Energy Companies Operating in the Middle East Warned of Cyber Attacks (zdnet.com)

An anonymous reader writes: A new variant of the Shamoon malware was discovered on the networks of an Italian and a UAE oil and gas company. While the damage at the UAE firm is currently unknown, the malware has been confirmed to have destroyed files on about ten percent of the Italian company's PC fleet.

Shamoon is one of the most dangerous strains of malware known to date. It was first deployed in two separate incidents that targeted the infrastructure of Saudi Aramco, Saudi Arabia's largest oil producer, in 2012 and 2016. During those incidents, the malware wiped files and replaced them with propaganda images (burning US flag, body of Alan Kurdi). The 2012 attack was devastating in particular, with Shamoon wiping data on over 30,000 computers, crippling the company's activity for weeks. Historically, the malware has been tied to the Iranian regime, but it's unclear if Iranian hackers were behind these latest attacks. This new Shamoon version was revealed to the world when an Italian engineer uploaded the malware to VirusTotal, triggering detections at all major cyber-security firms across the globe.


  1. Re:Antivirus by Anonymous Coward · · Score: 2, Insightful

    Posting AC because I did some consulting work in UAE, a gig that came about because the UAE was trying to avoid this specific thing.

    Big part of the problem in the UAE is that the country is trying very hard to educate the locals to be IT managers in charge of IT contractors who come and go as fast as they can (in accordance with other labor practices in the Middle East). When you have IT managers who don't really want to be IT managers, and aren't very good at it, and look down at the people actually doing the work from multiple angles (financial, cultural, religious, etc.)... then you're eventually going to have a bad day, no matter how many security tools you buy.