Cybercriminals are targeting U.S. businesses with malware that has destructive capabilities, much like the one that recently crippled Sony, the Federal Bureau of Investigation warned late Monday.
The malware described in the five-page confidential “flash” FBI warning issued to businesses on Monday appears to be the same as the one that affected Sony Pictures Entertainment last week, security experts told Reuters. The FBI did not mention Sony by name in the warning and also did not say how many companies have already been targeted.
The malware is capable of overwriting all data on hard drives of computers, including the master boot record. The attack on Sony brought down corporate email and crippled other systems. Attackers also dumped a treasure trove of information online.
“The main news story in the FBI advisory is the abrupt shift from theft to destructive vandalism,” said Dr. Mike Lloyd, CTO at RedSeal. Most breaches tend to focus on stealing valuable data, not outright destruction. While some of the data—related to unreleased movies—was stolen and exposed, the attackers were intent on damaging equipment, he said.
The malware attack against Sony would be the “first major destructive cyber-attack waged against a company on U.S. soil,” Reuters reported. Similar attacks—such as the Shamoon attack against Saudi Aramco in 2012—have been observed in other parts of the world, namely Asia and the Middle East. Many experts believe these attacks are launched on behalf of North Korea and Iran.
“The FBI’s decision to communicate the likelihood of attacks resulting in high damage including complete loss of data indicates their belief in a widespread, concerted effort to damage business infrastructure,” said Steve Hultquist, chief evangelist at RedSeal.
The warning provided technical details for the malware and recommended businesses contact the FBI if they encountered similar malware. Repairing the systems frequently requires wholesale hard drive replacement in the worst-case scenario, and re-imaging at the very best.
“The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods,” the report said.
The report also mentioned some of the software used was compiled in Korean, but did not draw any links to North Korea.
“The Sony attack is a wake-up call for businesses – it explains why the FBI is warning organizations to review their defensive readiness, since a similar ‘IT bomb thrower’ can easily target their infrastructure to do similar damage.”
