How Seculert Discovered the Shamoon Malware


1 How Seculert Discovered the Shamoon Malware
© 2013 Seculert Company, All Rights Reserved

2 Shamoon Targeted Attack
- Shamoon is a 2-stage attack targeting Oil & Energy companies
- Comprised of 3 modules:
  - Dropper
  - Reporter
  - Wiper
- Extracting data via an internal infected machine proxy
- Shamoon stages:
  - Data extraction
  - Wiping machines
Notes: Internal proxy used for both Dropper and Reporter. Worm capabilities to spread itself, by trying to create a scheduled task on remote LAN machines.

3 Shamoon Targeted Attack
- Spreading itself on the local network via Scheduled Tasks
  - Creating scheduled tasks on remote machines on the local network
- Abuse a legitimate & signed RawDisk driver to wipe MBR
  - Eldos signed
- Wiper module
  - Time Bomb
  - Wipe drive and MBR at specified dates and times
  - Others copycat this capability
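
The spreading behaviour on this slide (one infected machine creating scheduled tasks on remote LAN machines) appears in task-creation audit data as a single source host touching many peers in a short time. The following detection logic is an added example, not Seculert's code; the record format, host names, task names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (assumed format, one remote task creation per line):
# <ISO time> <host that created the task> <host the task was created on> <task name>
SAMPLE_EVENTS = """\
2013-07-01T09:00:05 WS-014 WS-020 job1
2013-07-01T09:00:41 WS-014 WS-021 job1
2013-07-01T09:01:10 WS-014 WS-022 job1
2013-07-01T09:01:55 WS-014 WS-023 job1
2013-07-01T09:02:30 WS-020 WS-030 job1
2013-07-01T09:30:00 ADMIN-01 SRV-01 nightly-backup
2013-07-01T13:30:00 ADMIN-01 SRV-02 nightly-backup
truncated line
"""

def parse(text):
    """Yield (time, source, target, task) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]
        except ValueError:
            continue

def fan_out_sources(events, min_targets=3, window=timedelta(minutes=10)):
    """Map each source that created tasks on >= min_targets distinct remote
    hosts inside one sliding time window to the sorted list of those hosts."""
    by_source = defaultdict(list)
    for ts, src, dst, _task in events:
        if src != dst:                      # local task creation is out of scope
            by_source[src].append((ts, dst))
    flagged = {}
    for src, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1                  # drop events older than the window
            targets = {dst for _, dst in rows[start:end + 1]}
            if len(targets) >= min_targets:
                flagged.setdefault(src, set()).update(targets)
    return {src: sorted(hosts) for src, hosts in flagged.items()}

if __name__ == "__main__":
    for src, hosts in fan_out_sources(parse(SAMPLE_EVENTS)).items():
        print(f"{src} created scheduled tasks on {len(hosts)} hosts: {hosts}")
```

The administrative host in the sample is not flagged because its two task creations are hours apart; tuning `min_targets` and `window` against known deployment tooling keeps that separation.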

4 Shamoon – Why It Wasn’t Prevented
- Initial attack vector is still unknown
  - Physical access / Insider
  - Partner
  - Spear phishing
- Time based attack (time bomb)
- Worm spreading in local network
- Using local machine as a proxy
- Most of the victim companies were using solutions which are focused on prevention

5 How Seculert Identified Shamoon
- A customer uploaded a suspicious file to the Seculert Elastic Sandbox
- Malware behavioral profile was automatically created
- Shamoon was detected on another customer using Big Data analysis of their gateway traffic logs
- Customers use Seculert API to enhance their on-premises security devices to protect against Shamoon

6 From Prevention to Protection
Persistent attacks require a new approach
- Big Data analytics
- Long-term analysis
- Advanced malware profiling
- Automated expertise

7 Let Seculert Detect Unknown Malware on Your Network
Sign-up Now: Immediate Results – No Credit Card Required – Initial Results are FREE!

