Cyber Terror - Saudi Under Attack! Shamoon with New Ammunition?

Saudi Arabia urged organizations in the Kingdom on Monday to be on high alert for cyber attacks including a version of the devastating Shamoon virus, as a chemical firm reported a network disruption. Jubail-based Sadara Chemical Co, a joint enterprise firm owned by Saudi Aramco and U.S. company Dow Chemical, said it had encountered a network disruption on Monday morning and was working to fix the issue.The labor ministry, meanwhile, said a cyber attack had hit it, but that it did not impact its data. It stated that Human Resource Development Fund (Hadaf) had also been affected, but with little impact.An alert from the telecoms authority warned all parties to be watchful for attacks from the latest variant (2.0) of the Shamoon virus that impaired of tens thousands of computers at oil giant Saudi Aramco in the year 2012.The Shamoon virus in 2012 erased hard drives of more than 30000 computers and showed images of burning American flags on sabotaged computer systems. Researchers said the Shamoon 2 is almost identical, except the picture displayed on systems: the disturbing image of the body of three-year-old Syrian refugee Alan Kurdi, who drowned in the Mediterranean last year.Like the first variant of Shamoon, which permanently destroyed data on more than 30,000 workstations belonging to Saudi Aramco, the latest version also hit more than 30 organizations, which included 15 Government agencies and a lot of private institutions, according to the comments aired by a state-run television channel on Monday.The list includes some of the top insurance firms, and potentially some other critical organizations in the country.U.S. Defense Secretary Leon Panetta at the time described the Shamoon attack on Saudi Aramco in 2012, as the most destructive to ever target the private sector.The new variant of Shamoon disk-wiping malware has newly added ability to destroy virtual desktops.The latest modification has been updated to include valid credentials to access virtual systems, which have developed as a key security feature against Shamoon and other types of disk-wiping malware attacks. The actor behind this attack could utilize these credentials to attack virtual desktop products from Huawei, which can defend against this destructive malware through its ability to load snapshots of wiped systems.Disttrack wiper malware is the core component of Shamoon 2 attack also. Disttrack is optimized to destroy systems by marking their hard drives for wiping, and then spread as widely as possible throughout a network it penetrates. Moreover, the Disttrack malware configured to operate without any command and control (C2) servers, as it is well designed with more self-sufficiency, and is capable for a one-way mission of data destruction.The new attack targets VDI (Virtual Desktop Infrastructure) systems, with either legitimate hacked credentials or the default ones. Considering that VDIs were identified as a better alternative to protect the data and services in comparison with physical desktops, this new mode of attacks is well designed and advanced to overcome the potential defenses in more matured organizations too. These type of attacks gives more nightmares to security professionals, as whatever new and advanced safeguards they build are under threat from sophisticated attackers, who works minimum one step ahead. Multilevel defense and ensuring the security fundamentals are extremely critical to defending future attacks, which could be evolving every day.