Cyber-experts working at the National Cyber Security Center (NCSC), which is apart of Saudi Arabia’s National Cyber Security Authority (NCSA), identified the data wiping malware as “Dustman”. The malware that hit BAPCO, Bahrain’s national oil company, on December 29, 2019.
The malware was designed to delete data from infected computers. The malware, according to CISIO Magazine, was named after the filename and string embedded in the malware.
Some commentators believe the malware attack to have been state-sponsored, noting how the Iranian government has a history of undertaking cyberattacks. If proven, this would make Dustman the latest iteration of data wiping malicious codes. The most infamous case was in 2012, when an attack, identified as originating from Iran, took place against Saudi Aramco (using the malware Shamoon (also known as Disttrack)).
According to ZDNet, this latest cyberattack demonstrates how advanced Iran’s technical capabilities are in relation to having the capacity and knowledge to launch destructive cyber-attacks This concern has led the U.S. Department of Homeland Security had is to issue an alert to U.S. companies and government offices.
Commenting for Digital Journal on the cyberattack, Chris Kennedy, CISO and VP of customer success, AttackIQ says that “cyberattacks are commonly used in warfare today as they are cheaper and easier than any other kind of army to raise. Iran has a well-funded and state-supported offensive cyber capability, and this malware incident will likely be followed by other attacks.”
Kennedy proceeds to discuss the state-sponsored nature of many attack: “We have witnessed over the past five years an increase of state-sponsored attacks directed at “civilian,” or commercial, organizations as methods to achieve secondary access or other goals. Unfortunately, the use of cyber attacks is now a doctrinal norm and organizations must ensure they are prepared to defend themselves and not collateral damage.”
In terms of how businesses can best protect themselves, Kennedy explains: “To protect their networks and consumer data, companies must understand the methods of these types of threats and continuously test the efficacy of their security controls to ensure what they believe to be their security posture is actually true and they’re adequately defended.”
