A series of Shamoon malware campaigns against Saudi Arabia are the work of a co-ordinated force of attackers, data published by security firm McAfee shows.
The data destruction attacks against Saudi Arabia in 2012, 2016 and 2017 are unlikely to have been carried out by multiple independent renegade hacker groups, according to a report by McAfee security researchers.
While earlier Shamoon campaigns targeted a relatively small number of energy sector organisations to disrupt the operations of the region’s critical energy industry, the more recent attacks focused on a greater number of organisations in the energy, government, financial services and critical infrastructure sectors of Saudi Arabia.
The commonalities between these campaigns suggest that, rather than being the product of multiple independent hacker groups, they are more likely the product of one comprehensive cyber espionage operation on the scale one would expect from a serious geopolitical actor.
The findings illustrate the arc of the actor’s development and increased sophistication over the past five years. It is the latest evidence that rogue state and stateless actors are developing cyber warfare and cyber espionage capabilities, without which they would be unable to gain advantages over major state actors and their extensive conventional military and surveillance capabilities.
The McAfee disclosures are aimed at giving organisations constructive guidance to fend off such attacks. “We strongly believe the latest threat data must be complemented with a deeper understanding of how today’s advanced cyber attacks operate,” said Raj Samani, chief scientist and head of McAfee strategic intelligence group, which leads McAfee’s investigative research.
“The revelations of this latest research remind us data can be the difference, but only if we can gain a view into the inner workings of threats, the campaigns they spearhead, and the individuals and organisations behind them,” he said.
Publication of the Shamoon data coincides with an announcement that the newly-independent McAfee plans to increase investments and resources in cyber threat research.
McAfee said the new investment will focus on investigations of the global threat landscape’s most sophisticated cyber warfare and cyber crime campaigns.
Investigations of the latest threats, their design and how they are built into cyber-attack campaigns will be aimed at enabling organisations to better understand the technology and tactics of their adversaries.
Areas of increased focus will include advanced malware, ransomware, financial fraud, general cyber crime, cyber espionage, cyber warfare and protection of industrial control systems.
Among other contributions, McAfee will provide cyber security professionals with the McAfee Threat Landscape Dashboard, an overview of the latest, most significant threats tracked by McAfee researchers.
Increasing engagement with law enforcement
McAfee said it also plans to increase its engagement with law enforcement and academia, including co-ordinated efforts to take down criminal networks, develop new approaches to fighting cyber crime and recruit more young people to join the ranks of cyber security professionals.
“Campaign investigations complete our triad of research capabilities focused on keeping the digital world safe,” said Steve Grobman, chief technology officer for McAfee.
“McAfee is committed to bringing together world-class threat intelligence, vulnerability research, and investigative expertise to provide customers more insights into how specific malicious actors develop and wage cyber attacks,” he said.