New Iranian data wiper malware hits Bapco, Bahrain’s national oil company | ZDNet
Saudi Arabia’s cyber-security agency spots new Dustman data-wiping malware.
Iranian state-sponsored hackers have deployed a new strain of data-wiping malware on the network of Bapco, Bahrain’s national oil company. The attack, which took place on December 29, did not have the long-lasting effect hackers might have wanted, as only a portion of Bapco’s computer fleet was impacted, with the company continuing to operate after the malware’s detonation.
Source: https://www.zdnet.com/article/new-iranian-data-wiper-malware-hits-bapco-bahrains-national-oil-company/
Tim Erlin, VP, product management and strategy at Tripwire:
“The headline here is the malware itself, but it’s important to remember that the point of entry was an unpatched vulnerability. Prevention is the preferred method of malware defense. It’s likely we’ll see more of this type of state-sponsored activity. I wouldn’t expect this is the last we’ll hear about the Dustman malware. This attack could have been much worse, and while we don’t know all the details, I’m willing to bet that Bapco had planned out their response before this incident occurred.”
Yaron Kassner, CTO, Silverfort:
“The attackers managed to compromise the antivirus service account, which was connected to all the machines in the network. Highly privileged service accounts are a top target for hackers because once compromised, they can be exploited to reach sensitive systems and gain control over them. These accounts can pose significant risk to corporate networks. Therefore it is important to monitor and restrict access of such service accounts. Following the principle of least privilege, service accounts should be restricted to connect from specific sources, to specific targets, on specific interfaces, at specific times of day, based on risk calculated in real time. Enterprises are encouraged to use next generation authentication solutions which enable monitoring, continuous risk assessments and application of zero trust policies on service accounts. Such solutions can help detect suspicious behavior of service accounts early on, and prevent the malware from spreading throughout the network.”
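As an added illustration of the service-account monitoring Kassner describes (example code written for this page, not Silverfort’s or ZDNet’s): a policy check that flags logons by a privileged service account from an unexpected source, to an unexpected target, or outside its expected hours, which is the pattern an antivirus service account abused for lateral movement would produce. The account name, host names and log events are all constructed.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class ServiceAccountPolicy:
    """Where, to what, and when a service account is expected to log on."""
    allowed_sources: frozenset
    allowed_targets: frozenset
    allowed_hours: range  # local hours in which logons are expected

# Constructed policy (hypothetical host names): the antivirus service account
# should only connect from its management server to known endpoints, by day.
POLICIES = {
    "svc-antivirus": ServiceAccountPolicy(
        allowed_sources=frozenset({"av-mgmt01"}),
        allowed_targets=frozenset({"ws01", "ws02", "fs01"}),
        allowed_hours=range(6, 22),
    ),
}

def check_logon(event, policies=POLICIES):
    """Return the policy violations for one logon event (empty list = allowed)."""
    policy = policies.get(event["account"])
    if policy is None:
        return []  # not a monitored service account
    violations = []
    if event["source"] not in policy.allowed_sources:
        violations.append("unexpected source")
    if event["target"] not in policy.allowed_targets:
        violations.append("unexpected target")
    if datetime.fromisoformat(event["time"]).hour not in policy.allowed_hours:
        violations.append("outside allowed hours")
    return violations

def find_violations(events, policies=POLICIES):
    """Pair every violating event with its list of violations, in log order."""
    flagged = []
    for event in events:
        violations = check_logon(event, policies)
        if violations:
            flagged.append((event, violations))
    return flagged

# Constructed sample logon events, not real telemetry from the incident.
SAMPLE_EVENTS = [
    {"time": "2020-01-01T09:15:00", "account": "svc-antivirus", "source": "av-mgmt01", "target": "ws01"},
    {"time": "2020-01-01T23:40:00", "account": "svc-antivirus", "source": "ws02", "target": "fs01"},
    {"time": "2020-01-01T23:41:00", "account": "svc-antivirus", "source": "ws02", "target": "dc01"},
    {"time": "2020-01-01T23:42:00", "account": "alice", "source": "ws02", "target": "dc01"},
]
```

Only the second and third events are flagged: the service account is seen connecting workstation-to-workstation, then to a host outside its allowed targets, both at night.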