
How Seculert Discovered the Shamoon Malware

© 2013 Seculert Company, All Rights Reserved

Shamoon Targeted Attack

• Shamoon is a 2-stage attack targeting Oil & Energy companies

• Comprised of 3 modules:

– Dropper

– Reporter

– Wiper

• Exfiltrates data via an infected internal machine that acts as a proxy

#seculertjuly2013 © 2013 Seculert Company, All Rights Reserved

Shamoon Targeted Attack (continued)

• Spreads itself across the local network via Scheduled Tasks

• Abuses a legitimate, signed RawDisk driver to wipe the MBR

• Wiper module time bomb

– Wipes the drive and MBR at specified dates and times

– Other malware has since copied this capability

Shamoon – Why It Wasn’t Prevented

• Initial attack vector is still unknown; candidates include:

– Physical access / insider

– Partner

– Spear phishing

• Time-based attack (time bomb)

• Worm spreading within the local network

• Uses a local machine as a proxy

• Most of the victim companies were using solutions focused on prevention

How Seculert Identified Shamoon

• A customer uploaded a suspicious file to the Seculert Elastic Sandbox

• A malware behavioral profile was created automatically

• Shamoon was detected at another customer through Big Data analysis of their gateway traffic logs

• Customers use the Seculert API to enhance their on-premises security devices to protect against Shamoon
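The deck describes two observable traits of Shamoon: exfiltration through an infected internal machine acting as a proxy (slides 2 and 4) and detection by analysing gateway traffic logs (slide 5). The script below is an added example, not Seculert's code or tooling: it reads constructed gateway connection records and flags internal hosts that both receive connections from many internal peers and push traffic to external addresses, which is the "internal proxy" shape in a log. The log format, the address ranges and the thresholds are assumptions chosen for the example.

```python
"""Flag internal hosts that look like an exfiltration proxy in gateway logs.

Added example (not Seculert's code). Assumed log record format:
    <timestamp> <src_ip> <dst_ip> <bytes>
An internal host that (a) receives connections from several other internal
hosts and (b) sends a meaningful volume of traffic to external addresses is
reported as a proxy candidate for analyst review.
"""
from collections import defaultdict
import ipaddress

# Constructed sample records: four workstations push data to 10.0.1.20,
# which then sends it to an external address. 10.0.1.30 and 10.0.1.40 are
# benign-looking controls (single peer, little or no outbound traffic).
SAMPLE_LOG = """\
2013-07-01T10:00:01 10.0.1.5 10.0.1.20 4096
2013-07-01T10:00:02 10.0.1.6 10.0.1.20 8192
2013-07-01T10:00:03 10.0.1.7 10.0.1.20 2048
2013-07-01T10:00:04 10.0.1.8 10.0.1.20 1024
2013-07-01T10:00:05 10.0.1.20 203.0.113.10 15360
2013-07-01T10:00:06 10.0.1.20 203.0.113.10 12000
2013-07-01T10:00:07 10.0.1.5 10.0.1.30 512
2013-07-01T10:00:08 10.0.1.30 198.51.100.7 600
2013-07-01T10:00:09 10.0.1.9 10.0.1.40 300
2013-07-01T10:00:10 10.0.1.40 10.0.1.9 300
"""

# Assumed internal address space (RFC 1918 ranges).
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the internal networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_log(text: str):
    """Yield (timestamp, src, dst, nbytes) tuples; skip blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, nbytes = parts
        try:
            yield ts, src, dst, int(nbytes)
        except ValueError:
            continue


def find_proxy_candidates(records, min_internal_peers=3, min_outbound_bytes=10000):
    """Return {host: stats} for internal hosts matching the proxy pattern.

    inbound_peers[host]  = distinct internal sources that connected to host
    inbound_bytes[host]  = bytes host received from internal sources
    outbound_bytes[host] = bytes host sent to external destinations
    """
    inbound_peers = defaultdict(set)
    inbound_bytes = defaultdict(int)
    outbound_bytes = defaultdict(int)

    for _ts, src, dst, nbytes in records:
        src_int, dst_int = is_internal(src), is_internal(dst)
        if src_int and dst_int:
            inbound_peers[dst].add(src)
            inbound_bytes[dst] += nbytes
        elif src_int and not dst_int:
            outbound_bytes[src] += nbytes

    candidates = {}
    for host, peers in inbound_peers.items():
        if len(peers) >= min_internal_peers and outbound_bytes[host] >= min_outbound_bytes:
            candidates[host] = {
                "internal_peers": len(peers),
                "inbound_bytes": inbound_bytes[host],
                "outbound_bytes": outbound_bytes[host],
            }
    return candidates


if __name__ == "__main__":
    for host, stats in find_proxy_candidates(parse_log(SAMPLE_LOG)).items():
        print(f"proxy candidate {host}: {stats}")
```

On the constructed sample only 10.0.1.20 is reported (four internal peers, 27,360 bytes outbound). The thresholds are deliberately conservative: file servers and legitimate proxies also match this shape, so the output is a triage list to cross-check against the asset inventory, not a verdict.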

From Prevention to Protection

Persistent attacks require a new approach:

• Big Data analytics

• Long-term analysis

• Advanced malware profiling

• Automated expertise

Let Seculert Detect Unknown Malware on Your Network

Sign-up Now

Immediate Results – No Credit Card Required – Initial Results are FREE!