Attackers have launched a destructive attack against the business systems of US companies, according to an FBI warning issued this week.
The confidential, five-page FBI “flash” warning obtained by Reuters contains technical details about the malware, which overwrites all data on hard drives and then wipes the master boot record, preventing systems from starting. The memo comes in the wake of a purported attack against Sony Pictures Entertainment. Sony reportedly hired FireEye’s Mandiant arm to assist with regaining control of its corporate email and other endpoint systems that have been crippled by an attack for days. The firm has remained quiet about the details of the infection.
Solution providers told CRN US that the destructive malware could pose a tremendous risk to financial services firms, but said most organisations manage multiple backups as part of system redundancy and business continuity plans.
It’s not the first time that destructive malware has come to the forefront. In 2012, Aramco, Saudi Arabia's national oil company, had 30,000 systems infected by Shamoon in an attempt to disrupt oil production. Shamoon targeted Windows NT systems and spread through network shares. It took Aramco a week to recover from the attack, which involved deploying new workstations. The Stuxnet worm, a nation-state attack aimed at disrupting Iran's nuclear centrifuge program, targeted the programmable logic controllers being supported by Siemens industrial control systems. That attack ended up having collateral damage, infecting industrial control systems at organisations globally.
In addition to cyberattacks delivered by nation-states as part of cyberwarfare or cyberterrorism, destructive attacks can be waged by hacktivists, hell-bent on disrupting or bringing their target down as part of supporting a political movement or belief.
Financially motivated cybercrime also can have a destructive and costly impact. Solution providers said they also have been helping clients recover from ransomware attacks that have caused costly disruption to businesses. Threats such as CryptoLocker and CryptoWall encrypt system files and attempt to extort a payment from victims to unlock them. CryptoLocker infected hundreds of thousands of computers and is said to have generated losses exceeding US$100 million. Attackers also have pushed the envelope, adding password stealers to ransomware variants.
"Some organisations that continued to do work after they were infected lost all that data," said Jim Flynn, vice president of operations and chief security officer at data backup vendor Carbonite, which established a ransomware task force to deal with the threat. "Most organisations recovered but still lost about two weeks of backups."