Shamoon: a weapon of destruction

Field-deployed responders from IBM X-Force IRIS find the missing link in the Shamoon malware attacks

Most cyber crime involves the exfiltration of data. A bad guy breaks into a system, gets access to information, downloads that data and uses it to extort for profit or influence. But what would happen if, rather than being stolen or held hostage with ransomware, the data was completely destroyed? What if it was unrecoverable to the point that even the master boot record was blown away, so recovery from backup required manual intervention machine-by-machine and server-by-server?

What I am describing is Shamoon, and it is responsible for some of the most devastating attacks we have seen to date. Its destructive nature is well beyond what you would see in a normal malware infection, and it's a good time to review your playbooks to understand how you would detect and respond to a destructive attack that is capable of taking down infrastructure for days or even weeks.

Researchers from the IBM X-Force Incident Response and Intelligence Services (IRIS) have been deployed in the region for several months and they recently identified a missing link in the operations of a threat actor. Check out the details in this blog post:

Blog Post

Ray D.

General manager

8 years ago

Watched your Ted presentation. Good talk!
