Table of contents:
- Throwback Attack: Shamoon Malware on The Saudi Aramco
- Other Cyberattack Cases During the Holidays
- Cybersecurity Tips During Holiday Season
Ramadan is a month of celebration and the biggest holiday season for Muslim-majority countries around the world. In Southeast Asia, especially in Indonesia, Malaysia, Brunei, Singapore, Southern Thailand, and Mindanao island in the Philippines, people will celebrate Eid-ul-Fitr (Hari Raya in Malaysia and Singapore, Lebaran in Indonesia) after a month of fasting.
Some businesses and government offices are expected to be closed for this major holiday, which will be on May 3rd and 4th, 2022, and the holiday period may extend to a week or sometimes more.
The holidays may be seen as a time for celebration, but families are not the only ones who see these occasions as the most wonderful time of the year. Cyber-threat actors, or cybercriminals, know that the holidays are one of the best times to attack: staffing is low because people are on vacation, and those still working have a higher workload and are more distracted than usual. As a result, long holidays such as Hari Raya put your organisation at a higher risk of cyberattack.
Throwback Attack: Shamoon Malware on The Saudi Aramco
The attack started in mid-2012 when a member of the IT team at Saudi Aramco, the state-owned Saudi Arabian oil company, opened a scam email and clicked on a bad link containing malware, later called Shamoon. The hackers were in the system but did not attack immediately. The actual attack began during the Islamic holy month of Ramadan, when most Saudi Aramco employees were on holiday. On the morning of Wednesday, August 15, 2012, some employees noticed their computers were acting weird: screens started flickering, files began to disappear, and some computers just shut down, according to CNN Business.
More than 30,000 workstations at the company were affected by the malware. Saudi Aramco’s computer technicians had no choice but to rip cables out of the backs of computer servers at data centres all over the world. Every office was physically unplugged from the Internet to prevent the virus from spreading further. Everything, from managing supplies, shipping and contracts with business partners to reporting, was done manually with typewriters or fax machines. Not only that, Saudi Aramco bought 50,000 new hard drives to replace the infected ones.
After the attack, a group calling itself “Cutting Sword of Justice” claimed responsibility, saying they were retaliating against the Al Saud regime for its crimes against humanity. Shamoon requested no ransom; it is an example of weaponised malware designed for use in cyber-war.
Shamoon, also known as W32.Distrack, is an aggressive, disk-wiping malware program that can wipe the master boot record and replace it with various images, such as an image of a burning U.S. flag. The Shamoon malware was also used against Qatar’s RasGas oil company. After the 2012 attack, Shamoon resurfaced in 2016 and in 2018 in a new version that targets energy sector infrastructure in the Middle East.
Other Cyberattack Cases During the Holidays
Besides Shamoon, there were several major cyber-threat cases during holidays in 2021, such as:
- The largest fuel pipeline operation company, Colonial Pipeline, was forced to pay a ransom of US$4.4 million to the DarkSide hacker group after a ransomware attack during the Mother’s Day Weekend on May 9, 2021. The attack successfully disrupted fuel deliveries in the South-East US for several days.
- JBS, the world’s biggest meat processor, paid US$11 million after a cyber-attack sabotaged its operations, including abattoirs in the US, Australia, and Canada, during Memorial Day weekend on May 31, 2021.
- On the July 4 holiday weekend in 2021, when millions of Americans logged out to spend time with friends and family, one of the most significant ransomware attacks of the year began. It targeted Kaseya’s software technology, which caused national railway systems, schools, broadcasters, etc. to shut down operations as file-encrypting malware hit them.
- Over the Labour Day weekend, Howard University in Washington DC was taken offline and forced to cancel classes for a week as its network was held hostage by cyber-criminals. The cyber-criminals used phishing emails to gain access to credentials from unsuspecting university network users and used the credentials to orchestrate this holiday ransomware attack.
Cybersecurity Tips During Holiday Season
It is important to prevent cyber threats because security breaches risk financial pain and fines, and endanger your brand, reputation and customer trust in your organisation. Several best practices reduce the risk and impact of a cybersecurity attack, such as:
1. Make an offline backup of your data.
Make and maintain offline, encrypted backups of data and regularly test your backups. It is important that backups be maintained offline as many ransomware variants attempt to find and delete or encrypt accessible backups. Review your organisation’s backup schedule to take into account the risk of a possible disruption to backup processes during weekends or holidays.
2. Do not click on suspicious links.
Minimise the risk of human error through user training programs and phishing exercises that raise awareness about the risks involved in clicking on or opening malicious websites and attachments.
3. Use strong passwords and multi-factor authentication (MFA).
Passwords should not be reused across multiple accounts or stored on the system where an adversary may have access. Require multi-factor authentication (MFA) for all services to the extent possible, particularly for remote access, virtual private networks, and accounts that access critical systems.
4. Secure your network(s): Maintain the highest standards of cyber-hygiene across the organisation.
All of your networks, applications and devices should meet a certain standard of cyber hygiene to protect your most valuable data and information and prevent cyber threats. Automate cyber hygiene and policy enforcement to meet your needs and your industry's security compliance requirements.
5. Choose a comprehensive security solution.
A comprehensive security solution provides real-time cyber-attack warnings, actionable insights and security analytics to continuously strengthen your security posture and minimise the risk of cyber-attacks during the holidays.
Still confused about how to pick cybersecurity solutions for your company? You can try ArmourZero, the future of cybersecurity, powerful and modern Cloud IT Security Operation as-a-Service in one platform. Also, get our 1-year free limited promotion for Endpoint Protection with EDR as-a-service here.