StoneDrill has the potential to destroy data in a manner similar to Shamoon, and experts still do not understand how it spreads.
In 2012, the Shamoon (also known as Disttrack) wiper became notorious for taking down about 35,000 computers at an oil and gas company in the Middle East, putting 10% of the world's oil supply potentially at risk. In 2016, it returned in the form of Shamoon 2.0, a more extensive malicious campaign using a heavily updated version of the 2012 malware.
While researching Shamoon 2.0, Kaspersky researchers unexpectedly discovered StoneDrill, a wiper built in a style similar to Shamoon 2.0. It is not yet known how StoneDrill is delivered, but once on the attacked machine it injects itself into the memory of the user's preferred browser process. During this process it uses two sophisticated anti-emulation techniques to evade the security solutions installed on the victim's device. The malware then starts destroying the files on the computer's disk.
Moreover, Kaspersky researchers also found a StoneDrill backdoor, apparently developed by the same authors and used for espionage. The most interesting thing about StoneDrill is that it has connections to other wipers and espionage operations observed earlier.
To protect against these attacks, Kaspersky Lab experts advise organizations to conduct a security assessment of the control network (such as penetration testing and gap analysis) to identify and remove any security loopholes. They also recommend training employees, paying particular attention to operational and engineering staff and their awareness of recent threats and attacks.