Slashdot Mirror


Data-Wiping Malware Destroys Data At Italian and UAE Oil and Gas Companies (zdnet.com)

An anonymous reader writes: A new variant of the Shamoon malware was discovered on the network of an Italian and UAE oil and gas company. While the damage at the UAE firm is currently unknown, the malware has been confirmed to have destroyed files on about ten percent of the Italian company's PC fleet. Shamoon is one of the most dangerous strains of malware known to date. It was first deployed in two separate incidents that targeted the infrastructure of Saudi Aramco, Saudi Arabia's largest oil producer, in 2012 and 2016. During those incidents, the malware wiped files and replaced them with propaganda images (burning U.S. flag and body of Alan Kurdi). The 2012 attack was devastating in particular, with Shamoon wiping data on over 30,000 computers, crippling the company's activity for weeks. Historically, the malware has been tied to the Iranian regime, but it's unclear if Iranian hackers were behind these latest attacks. This new Shamoon version was revealed to the world when an Italian engineer uploaded the malware on VirusTotal, triggering detections at all major cyber-security firms across the globe.

39 comments

  1. In case you missed it... by aaarrrgggh · · Score: 3, Informative
    1. Re:In case you missed it... by thegarbz · · Score: 1, Funny

      Shamoon hit BeauHD's computer.

    2. Re:In case you missed it... by Anonymous Coward · · Score: 1

      Are we absolutely sure this isn't a Windows 10 update doing all of this?

      Asking for Donald Trump...

      CAP === 'coconut'

  2. Absolutely no problem by Dunbal · · Score: 3, Funny

    That's ok, you can just restore the data from the back ups. You make regular back ups, right?

    --
    Seven puppies were harmed during the making of this post.

    1. Re: Absolutely no problem by Anonymous Coward · · Score: 0

      I think they have plenty of time to investigate this. Especially once the forensic folks are out of the way and people can properly work. This hasn't happened at large US companies like Amazon, Apple, and Google. Although there was an incident at the Apple web pages on Amazon that AT&T folks uncovered and Google had a separate incident. I suspect it really didn't matter. Security personnel at these places are worse than places like Facebook where it's just consumer data and not as important to keep safe.

    2. Re:Absolutely no problem by thegarbz · · Score: 1

      Not relevant. Just because you have backups doesn't mean the outage can't cost you your business.

    3. Re:Absolutely no problem by Dunbal · · Score: 2

      Absolutely relevant - if you didn't make backups then the outage probably WILL cost you your business. But hang in there, you might get this sarcasm thing eventually.

      --
      Seven puppies were harmed during the making of this post.

    4. Re:Absolutely no problem by Billly+Gates · · Score: 1

      Not if management thinks backup means online cloud-based storage overprovisioned by just 20% is a real backup, according to the slick sales people, as tapes are sooo unhip and pre-millennial, so that means they can't be as good.

      Yes, there are young system admins who think RAID is a backup, and so is cloud storage, which also gets encrypted too. Or they only provision 20% snapshot or incremental changes only. Not a full 100% double, which a full encryption would do, killing the so-called "cloud" backups too.

    5. Re:Absolutely no problem by Anonymous Coward · · Score: 0

      Serves them right. Risk Matrix: Highly likely and High impact.
      There are two ways to do backups. Traditional, and point in time that does physical track-level restores that take minutes, not days.
      One alternate scenario is someone has sticky fingers, and data destruction is GOOD because one has wiped the tracks, so to speak.

    6. Re:Absolutely no problem by thegarbz · · Score: 1

      No you missed my point. You quipped about the possibility that the backup strategy was not sufficient with your "You make regular back ups, right?" comment.

      However that is completely irrelevant. These companies are now in a position where they need to dedicate resources to make use of those backups. Damage however mitigated has been done regardless, and just because you have backups doesn't mean your business couldn't go under.

      Maersk also had backups and lost no data, yet the 2017 malware was registered as a $300 million extraordinary loss on their balance sheet regardless.

    7. Re:Absolutely no problem by Dunbal · · Score: 1

      Maersk also had backups and lost no data, yet the 2017 malware was registered as a $300 million extraordinary loss on their balance sheet regardless.

      There's a difference between taking a (real) loss, and going under. Loss is proportional to the size of your business. However if your IT department does not plan for contingencies you're not going to take a loss, you're going to be completely screwed. Let's see my original post again:

      That's ok, you can just restore the data from the back ups. You make regular back ups, right?

      In no way did my original post imply that no losses are ever incurred, which seems to be the point you're trying to stick to. However I think we both agree that those without a backup/contingency plan are going to be far worse off than those who have a robust one. Is this your thing? To analyze humor to the point that it's not funny anymore? Most people got it, which is why it's modded 'Funny'.

      --
      Seven puppies were harmed during the making of this post.

    8. Re:Absolutely no problem by thegarbz · · Score: 1

      In no way did my original post imply that no losses are ever incurred, which seems to be the point you're trying to stick to

      For someone who's explaining the English in your original post, you've done a great job (intentionally?) ignoring the point of mine.

  3. Re: 9-11 was a Jew job by Anonymous Coward · · Score: 1

    > over-educated libtards

    Anyone who graduates from high school is a liberal.

  4. known to date by sacrilicious · · Score: 4, Funny

    Shamoon is one of the most dangerous strains of malware known to date.

    Well, then if I see it come up on Tinder, I'm swiping left.

    --
    - First they ignore you, then they laugh at you, then ???, then profit.

    1. Re: known to date by Anonymous Coward · · Score: 0

      This would be funny if it weren't tragic. Probably something to do with all that oil sitting in containers at the port.

    2. Re:known to date by Anonymous Coward · · Score: 0

      The Monkey Virus was the most dangerous strain of malware known to date.

  5. Italian gas company malware by PopeRatzo · · Score: 1

    That's-a what you get when have one too many braciole, you finocchio. Next time, you oughta read-a the sanity clause.

    --
    You are welcome on my lawn.

    1. Re:Italian gas company malware by Anonymous Coward · · Score: 0

      You don't fool me. Everybody knows there's no sanity clause!

    2. Re:Italian gas company malware by Anonymous Coward · · Score: 0

      Next time, you oughta read-a the sanity clause.

      The Italians should hire a sanity Czech.

  6. Who did it by Anonymous Coward · · Score: 1

    Since they used the staged Alan Kurdi photo-op it is likely western intelligence services that performed this act

  7. Good. Someone needs to stop the Republican's... by Anonymous Coward · · Score: 0

    global warming. They won't let us have a cooler Earth. People die every summer because they make it too hot for human life. In 2010, over 50,000 people died in Russia (downwind from Trump) because of their global warming.

  8. ha ha ha!!! by SirAstral · · Score: 3, Informative

    "The 2012 attack was devastating in particular, with Shamoon wiping data on over 30,000 computers, crippling the company's activity for weeks."

    Sounds like business as usual... it's not worth the time to spend the money to protect against these problems... better off losing a whole lot fucking more money when it happens and then curse the department they directly prevented from protecting this problem.

    This is worse than just shooting oneself in the foot; it's more like making sure the trigger gets pulled no matter what.

    This problem is everywhere too, this one just happens to make it into the news. I don't think businesses are really aware of how much money it hemorrhages in vain attempts to save money.

    The lost productivity, the T&E required to restore that lost productivity, without exception, has always cost more than was ever saved.

    I have seen companies experience multi-million-dollar losses because they did not see the value in a product that cost a couple of hundred K. This is especially true for redundant power. Backup power generation is stupid cheap compared to the losses you face from a 24-hour power outage. All those employees getting paid for doing no work is just the start of it.

    Most businesses fundamentally do not understand security, and most programmers fundamentally work against good security, and so does most of the industry. Security has always been an after the fact effort.

    1. Re:ha ha ha!!! by Anonymous Coward · · Score: 0

      Please don't pretend to be any kind of security professional, lol. It's just a silly look for you.

    2. Re:ha ha ha!!! by Billly+Gates · · Score: 1

      2012 was the heart of the financial crisis and great recession. Italy had unemployment rates close to 20%. The CEO and the shareholders needed to keep their bonuses and the spreadsheets looking good.

      The best way to do this is always outsourcing IT as it adds no follow the shareholders or the executives who want to keep their jobs and money.

    3. Re:ha ha ha!!! by Anonymous Coward · · Score: 0

      >Most businesses fundamentally do not understand security

      yes and no. they don't fully understand why it's needed but they know it is the proper thing to do.

      what they know for sure is that it costs money. truckloads of it. developing secure software is completely different than developing software without security. orders of magnitude more expensive as far as testing goes.

  9. Right now, as is? I can't help via hosts... apk by Anonymous Coward · · Score: 0

    Per (& this is a WEIRD one): "The communications module is responsible for reaching out to hardcoded URLs to communicate with the C2 server, but like previous Disttrack samples, this communication module does not contain functional C2 domains to use in the URLs." - FROM https://unit42.paloaltonetwork...

    * Assuming it's NOT using any OLDER ones from their previous articles on older versions of "Shamoon" - & I don't recall them so look for yourself IF you wish, they post links to old research I didn't check yet (complex article, as is).

    (I'd have to say @ this point @ least, Mb & not send back anything to some 'controlling entity' imo - unlike most other botnets/malwares etc., this one's a "wee bit different" in THAT aspect hence my statement now... & IT HAS TO COME FROM SOMEWHERE, so if NOT ONLINE, perhaps USB sticks & LOCAL people in said organizations that were attacked...)

    APK

    P.S.=> That quote - THAT'S ODD - no domain/hostnames for C&C or unless I missed it, no IP addresses even (correct me IF I am off/wrong & missed these - no coffee yet today)... apk

  10. We need more ecoterrorism... by Anonymous Coward · · Score: 0

    to make it less hot. It's too damn hot now because of these corporations. I wonder how much cooler it got the first time they got hit.

  11. Anti-oil activism? by shufflingb · · Score: 2

    Two companies involved with the pollution and destruction of our planet. If Stuxnet can target Iranian centrifuges perhaps we're seeing the start of a new type of anti-oil activism?

    1. Re:Anti-oil activism? by Anonymous Coward · · Score: 0

      Stuxnet, written by the United States and Israel, affected control systems. Shamoon just caused a wee bit of a non-critical system outage.

      There is absolutely no comparison. Who gives a shit if the Sexchange Server is down for a wee bit. In the grand scheme of things it is just a wee gnat of mere inconvenience. To prevent the outage of the Sexchange Server they could just get Orifice 365 (oops, that's Orifice 284 so far this year).

  12. So, tied to Iran, then likely Israel. by Anonymous Coward · · Score: 0

    The fact that it is tied to Iran means it probably has nothing to do with Iran...

    1. Re: So, tied to Iran, then likely Israel. by Anonymous Coward · · Score: 0

      Guys, I've found an Iranian.

    2. Re: So, tied to Iran, then likely Israel. by Anonymous Coward · · Score: 0

      Or Russia, Europe, Canada, America...etc.

      There's a lot of market leverage once you take out UAE

  13. use linux by Anonymous Coward · · Score: 0

    use linux you dumb worthless fucks or eat shit, fully deserved

  14. Re: 9-11 was a Jew job by Anonymous Coward · · Score: 0

    This crazy conspiracy theory is so old, why do you continue with it when there have been so many other crazy conspiracy theories since then to choose from? Most of them will still allow you to express your insecurity against minorities, but you can also choose from liberals or conservative targets. The last 10 years in particular have been great for crazy theory conspiracies, you're really missing out by not upgrading to something new. This one is tired and old, not at the least amusing any more.