Report: U.S., Israel Fingered In Latest Data-Annihilation Attack

  /     /     /  
Publicated : 22/11/2024   Category : security


Report: U.S., Israel Fingered In Latest Data-Annihilation Attack


But attribution obfuscation impedes rooting out source of the attack



Remember that rudimentary data-wiping malware found on a few computers in Iran this month? Most security experts pegged it as a simple, unsophisticated copycat of more sophisticated data-destruction malware attacks.
But in the latest twist, Industrial Safety and Security Source
reported
this week that the malware was courtesy of a U.S.-Israel attack, citing unnamed CIA sources who also say the attacks preceded the August Shamoon attack that hit Saudi Aramco and Irans oil ministry.
Security researchers are unconvinced, however, noting that malware attribution -- especially when it comes to espionage and sabotage -- is difficult. And Chester Wisniewski, a senior security adviser for Sophos who has studied the so-called Batchwiper/GrooveMonitor attack, says its highly unlikely that a CIA official would confirm such an attack if it were true.
The real problem is attribution obfuscation, says Roel Schouwenberg, senior researcher for global research and analysis at Kaspersky Lab. Following Shamoon, I stated wed likely start seeing a trend where supposed nation-state malware would become more simplistic. Only top teams can develop top malware, such as Stuxnet and Flame. So its quite clear what type of entity is likely behind it. Simplistic attacks can come from anyone, he says.
With targeted attacks, it doesnt matter whether its complex or simple, as long as it works, he says.
Still, he says Kaspersky doesnt know who or what type of entity is behind Batchwiper/GrooveMonitor. The only thing the attacks have in common from what we can see is the geographic location. But as we dont have reports from the wild for this most recent piece of malware, we cant actually confirm that, he says.
Irans CERT on Sunday first
issued an alert
about the relatively rudimentary malware, which was discovered to delete data off of various drives at specific times and dates. The malware is a very simple knockoff of other wiping malware with no relation to those previously discovered malware attacks, and very few machines were infected by it, according to the CERT.
Researchers from Symantec, Kaspersky Lab, AlienVault Labs, and SophosLabs all concurred that its a simplistic yet lethal piece of malware that doesnt appear to be related to the nation-state-built Stuxnet and Wiper that hit Irans nuclear facility, or the destructive Shamoon that wiped 30,000 workstations.
[The malware] is really as basic as it gets. It couldnt really be dumbed down much more. Its easily the most simplistic piece of malware Ive looked at all year, and well beyond that, Schouwenberg says. In terms of unique code, its five to 10 lines. By itself nobody would have paid attention to this 10 years ago, let alone now.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ New threat discovered: Mobile phone ownership compromised. ◂
Discovered: 23/12/2024
Category: security

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Report: U.S., Israel Fingered In Latest Data-Annihilation Attack