Shamoon malware destroying hardware

James Pavett

Researchers from IBM X-Force Incident Response and Intelligence Services have published an article on a devastating piece of malware.

According to a recent discovery, multiple government and civil organisations in Saudi Arabia and other Gulf States suffered hacks affecting thousands of computers in November 2016 and January 2017.

The Shamoon malware attacks were designed to destroy hardware in computers. This distinguishes them from ransomware, which holds the data hostage until a fee is paid.

Attackers target the organisation by sending its employees spear phishing emails with a Microsoft Office document attached. Opening the attached file invokes PowerShell and gives the command line complete access to the compromised machine.

Now that the attackers have complete control, they can communicate with the compromised machine and remotely execute commands on it, using their access to install additional tools and malware on other endpoints.

The connected external user then studies the internal network. Once the systems and critical servers are known, the Shamoon malware is installed. The malware starts a coordinated outbreak and hard drives all across the organisation are wiped, permanently.

Mark James, ESET IT Security Specialist, suggests tactics to prevent such malware entering systems and lessons that can be learned from this incident.

Malware protection is made up of many layers.

“Just installing security software will help but won’t protect you as well as ensuring your Operating Systems and applications are updated as well.

“Educating users and staff on typical or current threats will help boost that defence.

Not clicking links or running macros within documents is a good base to start.

“Cyber security is a job that should be added to everyone’s job description.

“We often hear about users being the weakest link, but they are an asset that can be taught, nurtured and armed with knowledge to fight today’s attacks; that way they become an important part of your defence.

All companies are a target as all data has a value.

“These days we have to understand cyberattacks are part of our digital world, and we need to factor defence in from the start, not as an add-on or afterthought.

“With the right layered defences, like a good regular updating internet security product, updated OS and applications, policies and procedures that are clear and concise, that attack vector can be lowered considerably.”


How effective is your company’s IT security policy? Is it strict or lenient? Let us know on Twitter @ESETUK

