Shamoon Malware Spawns Even Nastier ‘StoneDrill’

Researchers following up on last November’s re-emergent Shamoon malware attacks have found something even nastier. While studying the Shamoon malware that initially hit the energy sector in the Middle East, Kaspersky Labs detected a new, more dangerous strain called StoneDrill. It is data-destroying code that sits in the victim’s browser and wipes any physical or logical path accessible with the target user’s privileges.

Mike Patterson, CEO of Plixer, says, “StoneDrill demonstrates the impressive strides these miscreants have made at evading the most current detection methods. IP and domain reputation services are not helpful because this new strain doesn’t reach out to C&C servers. This means old school infiltration tactics such as phishing attacks or planting USB sticks in the workplace parking lot could be a good way to get into the building. The malware is tested by its developers to ensure that it can evade sandbox techniques used by firewalls and it uses encryption. Organizations wishing to detect this type of infection must install agents such as Yara and/or leverage network behavior analysis techniques to uncover odd traffic patterns that could expose the signs of a Yara infection.”
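As an added illustration of the network behavior analysis Patterson refers to, the following is example code written for this page, not anything from Plixer, Kaspersky or the original article. It builds a per-host baseline from a learning window of flow records (known destinations and mean outbound bytes per flow) and then flags observed flows that go to a never-seen destination or push far more data out than the host normally does, which is the kind of pattern a screenshot-upload backdoor would produce. The flow records, hosts and addresses are constructed sample data.

```python
"""Added example (not from the article, Kaspersky or Plixer): a minimal
network-behaviour baseline that flags hosts whose outbound traffic suddenly
targets destinations never seen during a learning window, or whose outbound
volume jumps well above their own baseline. All flow data is constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str        # internal host
    dst: str        # external destination (IP or hostname)
    bytes_out: int  # bytes sent from src to dst


# Constructed baseline flows (the "learning" window).
BASELINE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 12_000),
    Flow("10.0.0.5", "203.0.113.10", 9_500),
    Flow("10.0.0.5", "198.51.100.20", 4_000),
    Flow("10.0.0.7", "203.0.113.10", 8_000),
    Flow("10.0.0.7", "203.0.113.10", 7_500),
]

# Constructed observation flows: host .7 starts talking to a never-seen
# destination and pushes far more data out than it usually does.
OBSERVED_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 11_000),
    Flow("10.0.0.7", "203.0.113.10", 8_200),
    Flow("10.0.0.7", "192.0.2.99", 950_000),
]


def build_baseline(flows):
    """Per-host set of known destinations and mean outbound bytes per flow."""
    dests = defaultdict(set)
    totals = defaultdict(lambda: [0, 0])  # host -> [total bytes, flow count]
    for f in flows:
        dests[f.src].add(f.dst)
        totals[f.src][0] += f.bytes_out
        totals[f.src][1] += 1
    means = {host: total / count for host, (total, count) in totals.items()}
    return dests, means


def find_anomalies(baseline, observed, volume_factor=10.0):
    """Return (host, dst, reason) tuples for observed flows that break the baseline.

    A flow is flagged when its destination was never seen for that host, and/or
    when its outbound byte count exceeds volume_factor times the host's mean.
    Hosts absent from the baseline can only trigger the new-destination reason.
    """
    dests, means = baseline
    findings = []
    for f in observed:
        reasons = []
        if f.dst not in dests.get(f.src, set()):
            reasons.append("new-destination")
        mean = means.get(f.src)
        if mean is not None and f.bytes_out > volume_factor * mean:
            reasons.append("volume-spike")
        if reasons:
            findings.append((f.src, f.dst, ",".join(reasons)))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    for host, dst, reason in find_anomalies(baseline, OBSERVED_FLOWS):
        print(f"ALERT {host} -> {dst}: {reason}")
```

The baseline here is deliberately crude (a per-host mean and a fixed multiplier); in production the learning window would be long enough to cover normal weekly variation, and the destination set would be keyed on something stabler than raw IPs where destinations rotate. The point the example shows is that this class of detection needs no reputation data about the destination at all, which is what makes it useful when the infrastructure is new or is not contacted in the first place.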

Although StoneDrill mostly seeks Saudi Arabian targets (and has Persian-language resources in its code), Kaspersky’s authors Costin Raiu, Mohamad Amin Hasbini, Sergey Belov, and Sergey Mineev also discovered it in Europe, and take this as a hint that the attackers may be widening their campaign.

There is also a backdoor module that can choose among four command-and-control servers. The commands the researchers found in the malware suggest an espionage operation, with screenshot and upload capabilities. To help evade detection, it operates at the file level and does not need to use disk drivers during installation.

StoneDrill also has better anti-emulation techniques than Shamoon 2.0, they write.

Like Shamoon 2.0, StoneDrill was apparently compiled in October and November 2016 (going by timestamps the authors left in the debug directory).

The full report identifies the detection names Kaspersky uses for Shamoon 2.0 and StoneDrill: Trojan.Win32.EraseMBR.a, Trojan.Win32.Shamoon.a, Trojan.Win64.Shamoon.a, Trojan.Win64.Shamoon.b, Backdoor.Win32.RemoteConnection.d, Trojan.Win32.Inject.wmyv, Trojan.Win32.Inject.wmyt and HEUR:Trojan.Win32.Generic.

Source: theregister.co.uk