On November 17, 2016, Shamoon malware struck once more.
As with the first Shamoon assault five years ago, the target was Saudi Arabia. But while earlier attacks focused on critical oil and gas infrastructure, last fall’s campaigns targeted Saudi government institutions, financial services, and other sectors. The objective was to gather information on individuals and organizations and wipe critical systems clean. With aggressive assaults across such a broad scope of attack surfaces, the latest Shamoon campaigns were nothing short of attempts to disrupt an entire nation.
Such an effort isn’t audacious given other events over the last several months. We’ve heard the revelations about the breach at Yahoo, watched the Mirai DDoS attack disrupt huge swaths of the Internet, and tried to come to terms with a DNC hack that many say influenced the American democratic process. The re-emergence of Shamoon is just the latest reminder that life and liberty can be imperiled by cyber-attacks.
It’s time—once again—for all of us to raise the stakes in our cybersecurity fight. We must match the audacious efforts of our adversaries with our own.
On the heels of the “new” McAfee launch, we are taking an important step in this effort by increasing investments and resources to fight and win with cyber threat research. Those investments are already starting to pay off, and last week we released new research on the evolution of the Shamoon cyberespionage campaigns that have ravaged the Middle East for half a decade.
The report identifies overlapping technology, tactics, and infrastructure among disparate Shamoon cyber campaigns in Saudi Arabia, and suggests there is one actor behind all the campaigns, rather than numerous independent cyber gangs. We further uncover that the actor has dramatically improved the sophistication of their attacks since 2012.
The research is the work of our Strategic Intelligence group, which works closely with our services organization’s Advanced Programs Group (APG). Led by Chief Scientist and McAfee Fellow Raj Samani, the group complements McAfee Labs’ threat intelligence analysis and Advanced Threat Research’s vulnerability research with an investigative specialization across several essential areas. These include advanced malware, ransomware, cyber campaigns and networks, financial fraud, cyberespionage, cyberwarfare, and protection of industrial controls.
Last week’s report reveals the first of many insights the group will provide our customers, partners, and law enforcement. The work is just one example of the “new” McAfee’s audacious effort to raise the stakes in the fight against our adversaries.
Attacks by cybercriminals, rogue states, or stateless actors, wherever they are targeted, are a threat to us all. Please join me in elevating our commitment to putting malicious actors where they belong—out of business.