FBI Warns of Destructive Malware Attacks on U.S. Companies


The FBI is warning that hackers recently used destructive malware in a cyber attack in the United States. Reuters reports that the confidential FBI warning appears to describe last week's cyber attack on Sony Pictures, which, if so, would make the Sony attack the first major destructive cyber attack launched against a company on U.S. soil.

"I believe the coordinated cyber attack with destructive payloads against a corporation in the U.S. represents a watershed event," Trend Micro chief cybersecurity officer Tom Kellermann told Reuters. "Geopolitics now serve as harbingers for destructive cyber attacks."

Still, Bromium security specialist Clinton Karr told eSecurity Planet by email that attacks like these are all but inevitable.

"These attacks are troublesome, but not surprising," Karr said. "Earlier this year we witnessed Code Spaces shut down after a successful attack destroyed its cloud backups. Likewise, the evolution of crypto-ransomware suggests attackers are targeting the enterprise with destructive attacks. These attacks are unlike the 'cat burglary' of Trojan attacks, but much more brute force, like a smash-and-grab or straight vandalism."

Similar attacks, Reuters notes, have been launched against companies in South Korea and the Middle East, including a 2012 attack against Saudi Aramco that disabled approximately 30,000 computers.

The confidential warning was sent by email to staff at some U.S. companies. While FBI spokesman Joshua Campbell wouldn't comment on the contents of the warning, he did tell Reuters that the FBI routinely issues guidance to private industry regarding cyber threats. "This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals," he said.

According to Reuters, the five-page FBI warning offers advice on how to respond to the malware, and notes that the malware is designed to overwrite all data on infected hard drives, including the master boot record. Overwriting the master boot record leaves the machine unable to boot, and overwriting file contents, rather than merely deleting the files, defeats the undelete-style recovery that ordinary forensic tools rely on.

"The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods," the warning states.
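The warning describes an overwrite of the whole disk, master boot record included. As an added example that is not part of the article or the FBI warning, the script below parses a 512-byte MBR, checks the boot signature and partition table, and compares the sector against a known-good baseline hash, which is the kind of check an administrator can run against a disk image or a live device to tell an intact boot sector from one a wiper has zeroed or pattern-filled. The sample MBR, the `simulate_wipe` helper and all byte values are constructed for illustration; nothing here comes from the Sony malware.

```python
"""Added example (not from the article or the FBI warning): detect an
overwritten master boot record.

Standard PC/BIOS MBR layout assumed:
  bytes   0..445  bootstrap code
  bytes 446..509  four 16-byte partition entries
  bytes 510..511  boot signature 0x55 0xAA
"""
from __future__ import annotations

import hashlib
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"


def parse_partition_table(sector: bytes) -> list[dict]:
    """Return the four MBR partition entries as dicts (empty entries included)."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte sector, got {len(sector)}")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + PART_ENTRY_SIZE])
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def assess_mbr(sector: bytes, baseline_sha256: str | None = None) -> dict:
    """Classify an MBR as intact or damaged.

    Checks: boot signature present; sector is not a single repeated byte
    (what a zero-fill or pattern-fill overwrite leaves); at least one
    non-empty partition entry; and, if a baseline digest is given,
    byte-for-byte equality with the known-good copy.
    """
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if len(set(sector)) == 1:
        findings.append(f"sector is a single repeated byte 0x{sector[0]:02x}")
    entries = parse_partition_table(sector)
    if not any(e["type"] != 0 and e["sectors"] > 0 for e in entries):
        findings.append("partition table empty")
    digest = hashlib.sha256(sector).hexdigest()
    if baseline_sha256 is not None and digest != baseline_sha256:
        findings.append("sha256 differs from baseline")
    return {"intact": not findings, "findings": findings, "sha256": digest}


def make_sample_mbr() -> bytes:
    """Constructed known-good MBR: dummy bootstrap, one bootable type-0x07 partition."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C])
    boot_code += b"\x90" * (PART_TABLE_OFFSET - len(boot_code))
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xFE\xFF\xFF", 2048, 204800)
    table = entry + b"\x00" * (PART_ENTRY_SIZE * 3)
    return boot_code + table + BOOT_SIGNATURE


def simulate_wipe(sector: bytes, fill: int = 0x00) -> bytes:
    """Constructed stand-in for a wiper's overwrite: fill the sector with one byte."""
    return bytes([fill]) * len(sector)


if __name__ == "__main__":
    good = make_sample_mbr()
    baseline = assess_mbr(good)["sha256"]  # record this while the host is known-good
    samples = [("known-good", good),
               ("zero-filled", simulate_wipe(good)),
               ("pattern-filled", simulate_wipe(good, 0xFF)),
               ("signature only", b"\x00" * 510 + BOOT_SIGNATURE)]
    for label, sector in samples:
        result = assess_mbr(sector, baseline)
        print(f"{label:15} intact={result['intact']} {result['findings']}")
```

Against a real host, read the first 512 bytes of the device (for example `/dev/sda` on Linux or `\\.\PhysicalDrive0` on Windows, with administrator rights) and pass them to `assess_mbr` along with a digest recorded while the machine was known-good. The check only tells you that the sector has been destroyed; it does not bring the data back, which is exactly the warning's point, so the baseline and any backups must live somewhere the compromised host cannot write to.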

Sony is working with Mandiant to respond to the breach, and is cooperating with investigations by the FBI and the Department of Homeland Security.

The FBI warning doesn't identify the attackers responsible for the Sony breach or offer information on their location.

RedSeal chief evangelist Steve Hultquist told eSecurity Planet by email that the warning seems to indicate that the FBI believes other such attacks are likely. "It also underscores the reality that formal security architecture and defenses have taken a backseat to other investments," he said. "As a result, organizations are vulnerable to attacks designed to destroy, steal, or observe and have very limited visibility into how, when, and for what purpose they occur."

"Organizations must develop a stronger coordinated response to likely attacks that includes stronger authentication than username and password, that distributes data so that it is harder to gather complete context, that divides the network into strict security zones, and automation to model the actual network to ensure effective placement of defenses and fixes of any errors that create unapproved access," Hultquist added. "Leaving any of these undone creates a hole allowing attackers to steal, spy, and destroy."