I wish the security vendors would rename this recent strain of malware attacking oil and utility companies in the Middle East. Every time I see a story about it I immediately read it as “ShmooCon” and think there’s some big new announcement. Unfortunately, although The Shmoo Group announced the dates and location a few weeks back, there haven’t been any more details released. My second reaction is to read it as “Shamu” and maybe that’s more appropriate given that she’s a killer whale. In this case the “Shamoon” malware “kills” the data on the machines it infects. Now, I’m no expert on this new malware but fellow NoVA Blogger Richard “@taosecurity” Bejtlich had this to say in a recent interview with DarkReading.com.
Richard Bejtlich, chief security officer at Mandiant, says these recent attacks should serve as a cautionary tale for all types of organizations. “This is something everybody should worry about … This ability to destroy people’s computers and wipe them clean has been around a couple of decades, but it’s taken mass events probably caused by the Iranian government and its proxies, to wake people up,” he says. “Utilities are just one victim, chosen for economic and political reasons: it could be anybody.”
Mandiant’s Bejtlich says he doubts many organizations have considered the possibility of widespread destruction of computers in their incident response plan. “In my last job, we didn’t have that. What if tens of thousands of machines were bleeding? That would have swamped our help desk and IT department. I’m not sure how IT would have supported getting people back online while having to do their regular business” of handling the enterprise servers and network, he says.
The scorched-earth-type attack would pose a big challenge for most IT departments, he says. IT departments would have to deal with getting the company’s critical servers cleaned and back online, for example, potentially leaving end users to fend for themselves. Trying to restore tens of thousands of user machines to a “gold” image would be problematic, he says, especially if users tried to do it themselves.
“They might not get patched, or need to have their own data restored,” Bejtlich says. “I get scared just thinking about it.”
What do you first think of when you read articles about Shmoocon? Let us know in the comments below. Today’s post pic is from TopNews.in. See ya!