A new wave of cyberattacks is hitting the Middle East, in particular Saudi Arabia. The attacks are mainly
carried out by a modified version of the infamous Shamoon malware, called
Shamoon 2. The similarities between Shamoon and Shamoon 2 are striking.
In his seminar, Dr. Sami Zhioua of the ICS Department at KFUPM presented a detailed technical analysis of
the Shamoon 2 malware. In particular, he gave details about how the malware
propagates, moving from one computer to another and from one network to another,
and what it does on each infected computer. The major propagation tactic is
social engineering, which exploits weaknesses in human behavior to trick employees
and users into opening malicious emails and files. He also mentioned that Shamoon 2
is not a sophisticated malware, but it did a lot of damage because it was
targeted malware sent to particular organizations in the region.
Finally, he mentioned practical measures to prevent such attacks, in
particular: blocking certain services used by the malware (VPN, RDP, PsExec,
etc.), using virtualization solutions such as VMware and Huawei, and improving the
security awareness of employees.