FBI Warning Shows Targeted Attacks Dont Just Steal Anymore

  /     /     /  
Publicated : 22/11/2024   Category : security


FBI Warning Shows Targeted Attacks Dont Just Steal Anymore


An FBI advisory points to an increasing trend of destructive malware for activist, anti-forensics purposes.



As rumors and hazy news about the hack against Sony Pictures Entertainment continue to gel into credible theories about what exactly happened and who carried out the attack, one solid detail has emerged out of the mess. In the wake of the attack, the FBI has issued a warning against destructive malware that some experts believe could be tied to discoveries from the Sony attack.
A
Reuters report
this morning first broke news of the confidential FBI flash warning issued to a number of businesses yesterday. The agency counsels organizations to be on the lookout for malware that wipes data from infected machines. The malicious software even deletes the master boot record, effectively bricking systems and keeping them from booting up.
The FBI did not confirm whether the warning had anything to do with the Sony attack, but the timing suggests a connection. It came very soon after news broke that Sonys email systems were down for a week following an attack that stole unreleased motion pictures and potentially even
pilfered employee healthcare and salary data
, according to a report today from Krebs On Security. Some theorize that the attack may have been politically motivated to punish the studio for its impending release of
The Interview
, a movie about two journalists enlisted by the CIA to assassinate North Koreas Kim Jong Un.
Regardless of what really happened at Sony, the FBI warning stands in its own right as a caution to be doubly wary of attacks that could not only steal or leak information, but also threaten an organizations operational continuity. Such destructive malware capabilities are hardly new; researchers have been tracking wiper behavior for some time. One of the biggest examples of this was the attack against the Saudi Aramco oil company two years ago, which wiped 30,000 PCs clean using the Shamoon malware family. However, Shamoon was just a continuation of this class of data-destroying malware.
This ability to destroy peoples computers and wipe them clean has been around a couple of decades, but it has taken mass events, probably caused by the Iranian government and its proxies, to wake people up, Richard Bejtlich, then with Mandiant and now with FireEye,
told Dark Reading
at the time of the Aramco attack.
That trend only seems to continue. Tom Kellermann, chief cyber security officer for Trend Micro, says the North Koreans used similar tactics last year.
The North Koreans began this type of campaign in 2013 with the detonation of MBR Wipers. Logic bombed throughout South Korea during the Dark Seoul campaign, he says. This kind of nation-state activity could be just a taste of whats to come from both terror groups and financially motivated attackers. Elite hacker crews have used wipers as anti-forensics countermeasures. In some unique instances, they initiate the counter measure from a secondary backdoor once the initial [command-and-control] is terminated.
Though wipers are still present in a relatively small proportion of attacks, the warning from the FBI is evidence that the trend may be snowballing quickly. According to Jeff Horne, vice president of emerging solutions for Accuvant, the use of wiper functionality is more present today than it has ever been. He says that enterprises must factor this into their incident response procedures, because dealing with this kind of malware requires a much different touch than that given to targeted attacks in the past.
It completely changes our remediation strategy if we find a piece of code that has a kill switch inside that controls the code and destroys the network if attackers dont maintain control of the code, says Horne. A lot of energy companies, for example, cut off their Internet connection at the first sign of attack. But they need to be cognizant that some things have a time delay in them that says, If I cant connect to my server after 20 hours, then Im going to blow up.
Thats problematic, says Ron Gula, CEO and CTO at Tenable Network Security, considering that most organizations are just now tooling up to battle malware that simply steals information.
If attacks like those against Sony continue against other US companies, 2015 will be a year of disrupted services, he says. Most US-based companies have been preparing to avoid an embarrassing and financially damaging loss of sensitive data through exfiltration, such as the Target breach. They are not prepared for pure destruction of data.

Last News

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security

▸ Fully committed to the future world of technology. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
FBI Warning Shows Targeted Attacks Dont Just Steal Anymore