What You Need to Know About Shamoon Malware

Cybersecurity is on everyone’s mind these days. From ransomware to corporate hacking to common malware, cybercrime is now just another risk of doing business in the modern world. In light of a resurgent virus that is causing real damage across industries, we want to provide a little insight into the disk-wiping malware Shamoon and look at the most important actions you can take to protect your data.

The Rise of Cyber Sabotage

Shamoon, if you aren’t familiar with the virus, is a cyber-sabotage program that originally rose to fame by wiping data from 30,000 computers at Saudi Arabia’s national oil company, Saudi Aramco, in 2012. Similar attacks were blamed for the Sony Pictures Entertainment breach in 2014 and the attack against South Korean banks and broadcasting organizations in 2013. The aim of malware like Shamoon, also known as Disttrack, is sabotage: it belongs to a family of destructive programs known as disk wipers. It spreads to other computers on the local network using stolen credentials and activates its disk-wiping payload on a designated date, the so-called kill date.

Making a Comeback

The Shamoon malware is back and is now able to target server-hosted virtual desktops. Security researchers from Symantec reported last November that they had observed this new version of Shamoon in attacks on Saudi Arabian targets on the evening of Thursday, November 17th. Other cyber-security watchdogs found a further variant of Shamoon, likely used against different targets in Saudi Arabia, this time with a kill date of November 29th. This version contained hard-coded account credentials specific to the target organization, including Windows domain accounts and a few default usernames and passwords for Huawei FusionCloud, a virtual desktop infrastructure solution. Virtual desktop products let companies run many virtual desktops inside a data center, from which users access their virtual PCs from different branches and offices as needed.

Targeting Virtual Desktop Infrastructure

The attackers targeting these virtual desktop infrastructures (VDI) knew that simply wiping the virtual PCs wouldn’t produce the lasting damage they were aiming for, because administrators can easily restore a virtual desktop to a known working state if something goes wrong. To get around this, the attackers used VDI usernames and passwords so that the damage would be lasting and complete. The security researchers from Palo Alto Networks who identified this new variant of the Shamoon malware said that, in light of this technique, organizations should consider adding additional safeguards to protect the credentials related to their VDI deployment. While the purpose of these attacks was the destruction of data and corporate sabotage, the methods used could easily be adopted by ransomware creators in the future. Some ransomware variants already seek out and delete certain types of backups before encrypting data, so targeting VDI snapshots and account information would seem like the next step in the progression of the crime.
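Two defensive checks follow from the behaviour described above: Shamoon spreads across a network with stolen credentials (a single account logging on to many hosts in a short time), and the new variant abuses VDI credentials, which should therefore only ever be used from designated management hosts. The script below is an added example written for this article, not code from any vendor or researcher named on the page. It runs over a constructed authentication log in an assumed line format (`<ISO timestamp> logon account=<user> host=<host> result=<ok|fail>`); the account names, host names, the 30-minute window, the five-host threshold and the allowlist are all assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from the page or any real system).
# Assumed format: "<ISO timestamp> logon account=<user> host=<host> result=<ok|fail>"
SAMPLE_LOG = """\
2016-11-17T18:02:11 logon account=svc_vdi host=vdi-01 result=ok
2016-11-17T18:02:40 logon account=svc_vdi host=vdi-02 result=ok
2016-11-17T18:03:05 logon account=alice host=ws-finance-07 result=ok
2016-11-17T18:03:22 logon account=svc_vdi host=vdi-03 result=ok
2016-11-17T18:04:01 logon account=svc_vdi host=vdi-04 result=ok
2016-11-17T18:04:37 logon account=svc_vdi host=fileserver-02 result=ok
2016-11-17T18:05:10 logon account=svc_vdi host=vdi-05 result=ok
2016-11-17T18:06:55 logon account=vdi_admin host=ws-finance-07 result=ok
2016-11-17T18:07:12 logon account=bob host=vdi-01 result=fail
2016-11-17T18:07:13 logon account=bob host=vdi-02 result=fail
2016-11-17T18:07:14 logon account=bob host=vdi-03 result=fail
2016-11-17T18:07:15 logon account=bob host=vdi-04 result=fail
2016-11-17T18:07:16 logon account=bob host=vdi-05 result=fail
2016-11-17T19:30:00 logon account=alice host=ws-finance-08 result=ok
"""

LINE_RE = re.compile(r"^(\S+) logon account=(\S+) host=(\S+) result=(ok|fail)$")


def parse_log(text):
    """Parse log text into (timestamp, account, host, result) tuples; skips malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def find_credential_spread(events, window=timedelta(minutes=30), threshold=5):
    """Flag accounts that successfully logged on to >= threshold distinct hosts
    inside any sliding time window. Failed logons are ignored: the signal is a
    credential that *works* everywhere, which is what a stolen credential looks like.
    Returns {account: sorted list of hosts reached in the first window that trips}."""
    by_account = defaultdict(list)
    for ts, account, host, result in events:
        if result == "ok":
            by_account[account].append((ts, host))

    flagged = {}
    for account, entries in by_account.items():
        entries.sort()  # chronological; each entry in turn is tried as the window start
        for i, (start, _) in enumerate(entries):
            hosts = {h for t, h in entries[i:] if t - start <= window}
            if len(hosts) >= threshold:
                flagged[account] = sorted(hosts)
                break
    return flagged


def find_vdi_logons_off_allowlist(events, vdi_accounts, allowed_hosts):
    """Flag successful logons by VDI management accounts from hosts outside the
    allowlist (assumed policy: VDI admin credentials are used only from designated
    management hosts). Returns [(timestamp, account, host), ...] in log order."""
    return [
        (ts.isoformat(), account, host)
        for ts, account, host, result in events
        if result == "ok" and account in vdi_accounts and host not in allowed_hosts
    ]


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for account, hosts in find_credential_spread(events).items():
        print(f"credential spread: {account} reached {len(hosts)} hosts: {', '.join(hosts)}")
    # Assumed VDI management account and management-host allowlist.
    for ts, account, host in find_vdi_logons_off_allowlist(events, {"vdi_admin"}, {"mgmt-01", "mgmt-02"}):
        print(f"VDI credential used off-allowlist: {account} on {host} at {ts}")
```

On the sample data, `svc_vdi` reaches six hosts in about three minutes and is reported, while `alice` (two hosts, an hour apart) and `bob` (only failed logons) are not; `vdi_admin` is reported because it logged on from a finance workstation rather than a management host. In a real deployment the account list, the allowlist and the thresholds should come from your own inventory, and the alerts would feed whatever SIEM or ticketing process you already use.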


The Security of Offsite Storage, Without the Hassle

With outsourced document and records management, records are out of the way, but easily accessible when you need them. HF Services can deliver physical data within two hours, and electronic data in under ten minutes.

  • Save space by getting seldom-used files out of cabinets and data off of drives
  • Control data by securely storing it offsite and managing it with HF Services
  • Improve compliance by ensuring that all critical data is stored securely and accessibly
  • Secure and retain data as long as you need it
  • Bring order to chaos by streamlining and consolidating your records

Check out our data solutions for organizations of all sizes.
