New malicious malware on the prowl

 

StoneDrill destroys everything on the infected computer and features advanced anti-detection techniques and espionage tools in its arsenal.

Published: Mon 6 Mar 2017, 7:18 PM

Last updated: Wed 22 Mar 2017, 4:51 PM

There is no rest for the weary, they say, and this is especially true for Kaspersky Lab's Global Research and Analysis Team, which has discovered a new sophisticated wiper malware similar to a previous malware that attacked oil and gas companies in the Middle East.
Called StoneDrill, the new malware destroys everything on the infected computer, and features advanced anti-detection techniques and espionage tools in its arsenal. In addition to targets in the Middle East, one StoneDrill target has also been discovered in Europe, where wipers used in the Middle East have not previously been spotted in the wild.
Kaspersky Lab researchers say that StoneDrill is similar to the Shamoon wiper, which in 2012 made a lot of noise by taking down around 35,000 computers in an oil and gas company in the Middle East. In late 2016, the malware returned in the form of Shamoon 2.0 - a far more extensive malicious campaign using a heavily updated version of the 2012 malware. While built in a similar style to Shamoon 2.0, StoneDrill was very different and more sophisticated than Shamoon. So far, at least two targets of the StoneDrill wiper have been identified, one based in the Middle East and the other in Europe.
It is not yet known how StoneDrill is propagated, but once on the attacked machine it injects itself into the memory process of the user's preferred browser. During this process it uses two sophisticated anti-emulation techniques aimed at fooling security solutions installed on the victim machine. The malware then starts destroying the computer's disk files.
Besides the wiping module, Kaspersky Lab researchers have also found a StoneDrill backdoor, which has apparently been developed by the same code writers and used for espionage purposes. Experts discovered four command and control panels which were used by attackers to run espionage operations with the help of the StoneDrill backdoor against an unknown number of targets.
Eugene Kaspersky, founder, chairman and CEO of Kaspersky Lab, who was in the UAE recently, notes that the global impact thanks to cyber-crime expertise is valued at half-a-trillion dollars. That's about one-third more than the UAE's GDP in 2015. According to the United Nations' International Telecommunication Union, the UAE ranks 17th on the list of the world's best-prepared countries in cybersecurity. Despite this, the UAE was the target of five per cent of the world's cyber attacks in 2016.
Kaspersky noted that 50 per cent of users in the UAE have come across, or been targeted by, malware online. More worryingly, 28 per cent of Internet users affected by malware in the UAE have no idea how it ended up on their device.
One theme that is still overlooked, but should come into greater focus in 2017, is that cybercrime is not just about wire transfers and immediate and direct monetisation of stolen information. Attackers are increasingly focused on data mining and will use the data they gather in more advanced future attacks, or sell it on the Dark Web for others to do the same.
- rohma@khaleejtimes.com
 

by

Rohma Sadaqat
