KFUPM Information security expert offers lectures on "Shamoon 2"

A new wave of cyberattacks is hitting the Middle East, in particular, Saudi Arabia. The attacks are mainly carried out by a modified version of the infamous Shamoon malware, called Shamoon 2. Similarities between Shamoon and Shamoon 2 are striking.

In his seminar, Dr. Sami Zhioua, ICS Department at KFUPM presented a technical and detailed analysis of Shamoon 2 malware. In particular, he gave details about how the malware propagates and moves from one computer to another and from network to another and what it does in each infected computer. The major propagation tactic is social engineering which uses weaknesses in human behavior to trick employees and users to open malicious emails and files. He mentioned also that Shamoon 2 is not a sophisticated malware but it did a lot of damage because it was a targeted malware that are sent for particular organizations in the region. Finally, he mentioned practical measures to prevent from such attacks, in particular, blocking certain services used by the malware: VPN, RDP, PS Exec, etc. using Virtualization solutions such as VMware and Huawei, and improving the security awareness of employees.