Shamoon 2.0 targets 11 organizations in several sectors

January 31, 2017

By Layan Damanhouri
Saudi Gazette

JEDDAH — Shamoon 2.0 was confirmed to be the malware that has targeted public and private organizations in the Kingdom this week, security company FireEye said.
 
“At the moment, Mandiant is responding to requests from several organizations in Saudi Arabia to conduct forensic investigations, in light of the incident,” said Stuart Davis, director for the Middle East and Africa at Mandiant, a FireEye company.
 
The malware is said to have been initiated by an email attachment, hitting over 18,00 servers in some 9,000 computer devices at 11 organizations, according to the Interior Ministry’s National Electronic Security Center, a local daily reported.
 
Since 2012, when the first Shamoon malware attack was detected and hit thousands of computers in the energy sector, Mandiant has responded to several Shamoon 2.0-related incidents in the region.
 
“Mandiant has responded to several Shamoon 2.0 related incidents in the region and it is clear that this campaign, which started 4 months ago, has no ending in sight,” added Davis. “The new attacks share similarities with the previous Shamoon attacks that occurred in the Gulf region in November 2015 and August 2012.”
 
Asked which sectors are targeted, Mohammad Hasbini, senior security researcher at Kaspersky Lab, said: “The Shamoon malware is targeting companies in the energy, industrial, transportation, financial and government sectors.”
 
In particular, he added, the consumer and business lines of organizations have been targeted.
 
“The malware samples used in the latest Shamoon 2.0 APT campaign are detected and blocked by Kaspersky Lab products in its consumer and business lines since January 23rd,” he said. “Kaspersky Lab customers are protected from the moment we know about a new threat, and sometimes even earlier because our proactive technologies discover unknown threats automatically.”
 
Davis said government and organizations in the oil and gas industry should implement controls that could limit the damage of the Shamoon 2.0 malware.
 
To limit the damage of the Shamoon 2.0 malware, Mandiant recommends that organizations review their disaster recovery plans for critical systems, halt client-to-client communication, and change passwords and accounts.
 
Security companies advise organizations to be prepared in the long term with the technology, threat intelligence and expertise to detect and respond to unknown attacks. 

