It seems like cyber attackers are constantly devising sophisticated ways of carrying out their agendas.
Russia-based security firm Kaspersky Lab has revealed in a March 6 report that its global research and analysis team has uncovered an advanced wiper malware that they have termed StoneDrill.
StoneDrill appears to have evolved from the notorious Shamoon (Disttrack) malware.
It can destroy data on a target's storage, employs sophisticated anti-detection techniques, and includes various espionage tools.
The new malware has targeted the Middle East and appears to be spreading towards Europe.
StoneDrill and Shamoon both belong to the category of wiper malware.
The Shamoon wiper malware initially came to light back in 2012 after it was employed to take down at least 35,000 computers in a Middle Eastern oil and gas company.
The far-reaching consequences of the wiper attack highlighted just how devastating this type of malware can be – approximately 10% of the world’s oil supply was jeopardized as a result.
The malware was dormant for nearly four years and resurfaced in late 2016 in the form of Shamoon 2.0.
The updated version was far more malicious than its predecessor, and was used in cyber-attacks on the Saudi Arabian government, telecom systems, and the transportation industry in late 2016 and early 2017.
The Global Research and Analysis team investigated the StoneDrill attacks and determined that the malware was developed with aspects similar to Shamoon 2.0.
However, StoneDrill is unique and more complex.
It is not yet known how the malware is spread.
The researchers discovered that once the malware is present on a computer, it injects itself into the memory of the user's browser process.
It is capable of evading the security software installed on the infected device.
StoneDrill achieves this through two advanced anti-emulation features, and then proceeds to destroy the data on the device's disk storage.
At this time, the wiper malware has been employed in two target areas: Europe and the Middle East (Saudi Arabia).
Apart from the wiper component, the researchers also discovered that StoneDrill includes a backdoor and a ransomware module.
This backdoor is utilized for spying operations and was developed by the Shamoon code writers.
They uncovered four command and control (C2) panels that facilitated the attackers’ spying operations.
StoneDrill avoids detection because it does not need to install disk drivers; it operates at the file level instead.
An unknown number of targets may have fallen victim to this backdoor.
The ransomware module enables the encryption of files on the victim computer.
According to the Kaspersky Lab researchers, StoneDrill seems to have ties to a number of similar wiper malware and spyware.
The experts discovered StoneDrill using the pattern-matching "Swiss army knife" tool known as YARA.
YARA is a tool that researchers use to identify and classify malware samples based on binary and textual patterns.
Previously unknown samples of the destructive Shamoon malware were identified through the same rules.
The two malware families have distinct code bases, but there was a similarity in the programming style of the developers.
Nevertheless, StoneDrill and Shamoon appear to have been developed separately.
Some sections of malicious code in StoneDrill also appeared in another malware campaign known as NewsBeef APT (Charming Kitten).
This campaign has been active for the past few years.
Kaspersky Lab claims that their products can identify and block the aforementioned StoneDrill, Shamoon, and NewsBeef APT malware.
While the attacks are currently aimed at targets in the Middle East and Europe, attacks in other parts of the world remain possible.
Conclusive evidence on the impact of the StoneDrill attacks is still not available at the time of writing.
However, the Kaspersky Lab researchers put forward a number of strategies that organizations can adopt to tackle wiper malware.
These strategies include, but are not limited to, conducting a control network security assessment, using external threat intelligence, properly training employees on past and current cyber threats, implementing protection measures both inside and outside the network perimeter, and evaluating advanced cyber protection methods.
The security experts also advised organizations to dedicate adequate resources to threat detection and mitigation strategies.