Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
The specialists found an old Shamoon malware activity (also known as Disttrack). This Malvar first found in 2012, when the malware attacked the Saudi oil company Aramco. Shamoon experts studied many companies. Then the malware has been configured to erase data from 30,000 computers and mashing the MBR (Master Boot Record). In addition, at the end of the work Malvar showed an image of a burning American flag.
Four years later, the researchers warn that Shamoon returned. The malware was once again focused on at least one unnamed company in Saudi Arabia, and contained in the settings hard-coded credentials from the computers of its employees to the threat could spread rapidly and cause as much damage as possible. As in 2012, Malvar overwrites information on the disk and overwrites the MBR.
All Shamoon attacks were obviously very carefully planned in advance, as the attackers had access to legal credentials before launching an attack.
Can be confirmed that the current modification DistTrack almost identical samples used back in 2012. This is a multi-component malicious programs with the ability to propagate itself through a local area network. The evil function of its components are listed in the article by Douglas Jose Pereira dos Santos, Artem Semenchenko.
Based on their analysis, they have determined that Fortinet Security fabric would be easy to detect initial infection Shamoon, and could also use the information from the most infections, to restore to the previous network, the safe state. In addition, since the malware started spreading across the infrastructure and device drivers change every machine, FortiSIEM, widespread point of view of the entire infrastructure, including the target endpoints, it would have determined that the network showed a very unusual activity and will be adjudged on consideration.
More.
Please enter the result of the calculation above.
Save my name, email, and website in this browser for the next time I comment.
Δ
Speak to a Specialist Now
Get Help Now