
Some Malware Just Wants to Watch the World Burn

Vitus White
Last updated: 13 October

To summarize Costin Raiu, the director of Kaspersky Lab’s research arm, the vast majority of malicious files are what he calls crimeware — computer programs deployed by cybercriminals seeking to make a profit by stealing credentials, data, resources, or money directly. The second most prevalent category of malicious software is designed exclusively for cyber-espionage and is used by a variety of advanced threat actors – often with state, corporate, or other deep-pocketed benefactors. Then there is a third, much smaller category of purely destructive malware – sometimes called wipers.

As it turns out, early malware was almost entirely destructive in nature. In the late nineties the Internet was not the vast storage place for valuable data that it is today. In addition to that, organized criminals had yet to see the hard financial value in what was – at the time – easily accessible information. Thus, somewhat like modern ransomware, early hackers designed malware that encrypted hard drives or corrupted machine data in other ways. There was a playful mischievousness to these early trojans and the people developing them. As far as I know, money was not a significant incentive among early malware authors.

Destructive, wiper-type malware never really went away, but it’s definitely been revitalized with new fervor and purpose in the murky age of alleged nation-to-nation and nation-to-corporation attacks.

In fact, in the last three years, our friends at Securelist have examined no fewer than five separate wiper-style attacks.

The first, merely called Wiper, was so effective that it even wiped itself off the thousands of Iranian computers it is believed to have infected. Because of this, no one was able to examine Wiper malware samples. In comparison to other destructive malware, this threat was seemingly novel, targeting a slew of what appeared to be random machines. Wiper, however, is significant because – whoever designed it and for whatever purpose – it may well have been the inspiration for the following four pieces of malware.

Shamoon in particular is thought to have descended from the mysterious Wiper malware. This destructive strain found its way onto the networks of what may be the world’s most valuable company and what is definitely its largest daily oil producer, Saudi Aramco. Shamoon made quick work of the Saudi Arabian Oil Company in August of 2012, destroying more than 30,000 corporate workstations. The malware, which some have said originated in Iran even though a hacker group claimed credit for the attack, did not succeed in erasing itself from existence as Wiper did before it. Researchers got their hands on Shamoon, realizing it used crude but effective methods in its attack.

Then there was Narilam, a crafty piece of malware that seemed to target the databases of some financial applications used almost exclusively in Iran. Narilam was different from the others here in that it’s a slow-acting malware, designed for long-term sabotage. Kaspersky Lab has identified a number of different versions of Narilam, some dating back as far as 2008. While Narilam and threats like it act slowly, they can be quite destructive in the long term.

There was also the Groovemonitor (aka Maya) malware. Iran’s equivalent to the computer emergency response team first reported what they called Maher in 2012. It’s a fairly simple threat, attacking victim machines more like a bludgeon than a scalpel. Groovemonitor basically has a preset period between two dates. It would attempt to delete every file between those two dates on all machine drives D through I.

The most recent threat, called Dark Seoul, was used in a coordinated attack targeting several banks and broadcasting companies in Seoul, South Korea. This attack was different from the previous ones both because it did not seem to involve a gulf state (Iran or Saudi Arabia) and because it was incredibly conspicuous, suggesting that the attackers in this case were out for fame rather than clandestine sabotage.

“The power to wipe tens of thousands of computers at the push of a button or a mouse click represents a powerful asset for any cyber-army,” Raiu wrote in a Securelist report. “This can be an even more devastating blow when coupled with a real world kinetic attack to paralyze a country’s infrastructure.”

Wipers remain a tertiary threat at best; one that you or I don’t really have to actively worry about. After all, there isn’t a whole lot that everyday Internet users can do to protect their water or power utilities against a piece of malware that would erase supervisory control and data acquisition or industrial control systems (the hardware and software that controls power grids, manufacturing, etc.). These are the sorts of threats that need to be monitored and mitigated by specialized security companies, critical infrastructure holders, and – perhaps most importantly – national governments.

The good news – for users in the United States and its close allies at least – is that the U.S. Congress will soon vote on the popular, bipartisan, private-sector-endorsed National Cybersecurity and Critical Infrastructure Protection Act of 2013. The bill is designed primarily to promote threat-information sharing between the government and the companies that manage critical infrastructure. Similar efforts and legislation are under consideration or already underway in a number of other countries around the world as well.

 


Source: kaspersky.com

TAGGED: Malware, RC4, Security, Software, Threat, Threats
Vitus White October 13, 2022 October 7, 2022