[ISN] Report: U.S., Israel Fingered In Latest Data-Annihilation Attack

From: InfoSec News <alerts_at_private>
Date: Mon, 24 Dec 2012 04:23:03 -0600 (CST)

By Kelly Jackson Higgins
Dark Reading
Dec 21, 2012

Remember that rudimentary data-wiping malware found on a few computers 
in Iran this month? Most security experts pegged it as a simple, 
unsophisticated copycat of more sophisticated data-destruction malware 

But in the latest twist, Industrial Safety and Security Source reported 
this week that the malware was courtesy of a U.S.-Israel attack, citing 
unnamed CIA sources who also say the attacks preceded the August Shamoon 
attack that hit Saudi Aramco and Iran's oil ministry.

Security researchers are unconvinced, however, noting that malware 
attribution—especially when it comes to espionage and sabotage—is 
difficult. And Chester Wisniewski, a senior security adviser for Sophos 
who has studied the so-called Batchwiper/GrooveMonitor attack, says it's 
"highly unlikely" that a CIA official would confirm such an attack if it 
were true.

The real problem is "attribution obfuscation," says Roel Schouwenberg, 
senior researcher for global research and analysis at Kaspersky Lab. 
"Following Shamoon, I stated we'd likely start seeing a trend where 
supposed nation-state malware would become more simplistic. Only top 
teams can develop top malware, such as Stuxnet and Flame. So it's quite 
clear what type of entity is likely behind it. Simplistic attacks can 
come from anyone," he says.


Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
Received on Mon Dec 24 2012 - 02:23:03 PST

This archive was generated by hypermail 2.2.0 : Mon Dec 24 2012 - 02:28:17 PST