Slyck.com
 
Slyck Chatbox - And More

Shamoon Disk-Wiping Attackers Can Now Destroy Virtual Desktops, Too

What's happening in the technology world related to software. Please submit stories for this forum here.
Forum rules
PLEASE READ BEFORE POSTING: Slyck Forum Rules

Shamoon Disk-Wiping Attackers Can Now Destroy Virtual Desktops, Too

Postby sunnyd » Wed Jan 11, 2017 10:09 am

Story : http://arstechnica.com/security/2017/01/shamoon-disk-wiping-malware-can-now-dest





There's a new variant of the Shamoon disk-wiping malware that was originally unleashed on Saudi Arabia's state-owned oil company in 2012, and it has a newly added ability to destroy virtual desktops, researchers said.

The new strain is at least the second Shamoon variant to be discovered since late November, when researchers detected the return of disk-wiping malware after taking a more than four-year hiatus. The variant was almost identical to the original one except for the image that was left behind on sabotaged computers. Whereas the old one showed a burning American flag, the new one displayed the iconic photo of the body of Alan Kurdi, the three-year-old Syrian refugee boy who drowned as his family tried to cross from Turkey to Greece. Like the original Shamoon, which permanently destroyed data on more than 30,000 work stations belonging to Saudi Aramco, the updates also hit one or more Saudi targets that researchers have yet to name.

According to a blog post published Monday night by researchers from Palo Alto Networks, the latest variant has been updated to include legitimate credentials to access virtual systems, which have emerged as a key protection against Shamoon and other types of disk-wiping malware. The actor involved in this attack could use these credentials to manually log into so-called virtual management infrastructure management systems to attack virtual desktop products from Huawei, which can protect against destructive malware through its ability to load snapshots of wiped systems.

"The fact that the Shamoon attackers had these usernames and passwords may suggest that they intended on gaining access to these technologies at the targeted organization to increase the impact of their destructive attack," the Palo Alto Networks researchers wrote. "If true, this is a major development and organizations should consider adding additional safeguards in protecting the credentials related to their VDI deployment."







Follow Slyck on Twitter @SlyckDotCom
Join Slyck's Facebook Fan Page
User avatar
sunnyd
 
Posts: 29138
Joined: Mon Jan 21, 2008 2:34 pm

Return to Tech/Software News

Who is online

Users browsing this forum: No registered users and 2 guests

© 2001-2008 Slyck.com