Shamoon-style wiper malware is back – and this time it is showing an interest in European targets, according to cyber security researchers.
Experts from Kaspersky Lab uncovered StoneDrill, a piece of malicious software that has been targeting users in the Middle East and is now turning its attention to Europe.
They are yet to discover how the malware is propagated, but explained that it injects itself into browser memory using “two sophisticated anti-emulation techniques” that ensure it bypasses security solutions installed on the victim’s machine.
Its next step is to begin deleting the files on the computer’s hard drive, while a further module has been found that creates a backdoor on the infected system.
Two StoneDrill wiper targets have been identified so far – one in the Middle East and one in Europe – raising concerns that it could strike closer to home more frequently.
Its predecessor, Shamoon, took down 35,000 computers in a Middle Eastern oil and gas company in 2012, and a further campaign – Shamoon 2.0 – appeared in 2016.
The researchers said that while StoneDrill and Shamoon do not have the exact same code base, they share features relating to their authors’ mindsets and coding styles.
They also advised businesses on how to avoid falling victim to StoneDrill. Firstly, it was recommended that firms conduct security assessments to close any security loopholes that may exist on their networks. Next, the researchers encouraged organisations to work together to share intelligence, which in turn can help with initiatives like employee cyber security training.
They also argued the case for “enhanced methods of protection” that operate both inside and outside of the perimeter, with enough resources behind them to block attacks before they reach firms’ most important data and systems.