
Security Roundup: cyber-attack tools now cheap and easy to use, Mahdi continues to spread, Iran accused of Saudi Aramco attack

Cyber-attack tools becoming easier to use, putting companies at “huge” risk

Security experts say companies are at greater risk than ever from network attacks due to the increased accessibility of damaging cyber tools. The cyber intelligence team at the security division of data storage corporation EMC says these tools are widely available at a relatively low cost, and are becoming easier to use with increasingly well-developed UIs, reports Computer Weekly.

Some even come supplied with user guides and support services, meaning that attackers who lack the knowledge and technical expertise of traditional cyber-criminals can still cause a great deal of damage. Tools like Zeus and SpyEye are becoming widely used, and businesses are increasingly at risk of malware infections on their networks, even if their sensitive data is not specifically targeted.

“The risk is huge. More criminals are able to target highly-sensitive information within companies,” says Idan Aharoni of EMC’s security division, RSA. “Organisations must have a plan for dealing with infections and data breaches; they can’t just say this is an issue that doesn’t affect me. Any company that stores data is a potential target.”

Aharoni believes organisations should assume they will get infected and build their defence strategy around that. With countries now recognised for using malware as part of cyber espionage programmes, he also suggests companies need to plan security with this in mind. Basic defences like anti-virus and firewall protection are no longer enough according to Aharoni, who says, “We have seen this approach fail over and over again.”

“Less professional” Mahdi malware continues to cause damage

Testifying to the view that low-level cyber operations can still cause great damage are researchers at Kaspersky Lab, who, alongside fellow security firm Seculert, are reporting an expansion of the Mahdi malware in the Middle East.

Kaspersky’s Roel Schouwenberg describes Mahdi as a “less professional” programme that runs on widely-available software. "But the scary thing is that it can still be effective," he told Reuters. Indeed, though the virus has been discovered and publicised, around 150 new victims have been identified by Seculert in the past six weeks, as the perpetrators have changed the code to dodge anti-virus programs. The number of infections found is now approaching 1,000, with the bulk of them in perennial malware target, Iran.

Aviv Raff of Seculert says the Mahdi campaign is being driven by hacktivists who are likely funded by a government to supply sensitive information. But Raff declined to identify which country may be involved.

Iran accused of orchestrating Saudi Aramco attack

After the world’s largest oil company, Saudi Aramco, was hit by a cyber-attack that affected 30,000 workstations, security experts are continuing to speculate over the origins of the virus. Though two hacktivist groups have claimed responsibility for the assault on the state-owned firm, security author Jeffrey Carr believes Iran may have turned from victim to aggressor, arguing that the country “is at the center of every significant aspect of this attack.”

Carr’s logic is perhaps tenuous, and, not for the first time, goes against the wider consensus; the US government contractor has argued that the infamous Stuxnet worm originated from China, and was not a US-Israeli project as is most commonly believed. Carr says that because the recently identified Shamoon virus shares traits with the Wiper virus that hit Iran last April, the Islamic Republic is therefore best placed to have launched Shamoon.

He then argues that because the Iranian government has ties with the Lebanese-based Shia’a group Hezbollah, and because Hezbollah members “include hackers”, the group’s involvement in the Aramco attack “must be properly evaluated.” He also points out that a number of Aramco employees are being investigated for their potential role in the incident, and that significantly, the company’s staff includes some “Lebanese Shi’a”.

Thus, Carr believes Iran orchestrated the attack on the Saudi government’s oil firm via Hezbollah, in retaliation for the current embargo placed on its own oil exports. Flaky conjecture from Carr? Or a sensible theory? Tell us what you think in the comments section below.

Stories aggregated by Team Cymru, which runs a private Security News mailing list called 'Dragon News Bytes', covering the most important and interesting news items of the day.

Will began working life as a technology journalist at ITProPortal as Senior Staff Writer. He's worked as a Copywriter, then Creative Lead across video, social, email, web and print. He is currently a Senior Content Strategist at Zone.