No company names have been included in the report

Dec 2, 2014 21:56 GMT
Info in FBI report points to malware used in the cyber-attack on Sony

The Federal Bureau of Investigation issued on Monday a warning to businesses in the US about a piece of malware that can render the affected machine completely inoperable by overwriting the data on it.

No company names have been provided in the “flash” alert from the FBI, but one can speculate that the Sony Pictures Entertainment (SPE) incident and this course of action from law enforcement are connected, especially since some of the effects of the malware resemble the issues at SPE.

Threat wipes out stored information

According to Reuters, the FBI warning was five pages long and included some technical information about the threat. One characteristic of the malware is that it overwrites the information on the hard disk, including the master boot record (MBR), which holds details of the partitioned space (system drive included) on the storage unit.

By overwriting the MBR information, the malware prevents the computer from booting up, a clue that points in the direction of the threat used in the Sony incident last week. After the attack, the employees of the company could no longer rely on computers to do their work and the network was offline for multiple days in a row.

Losing the data this way makes recovering it an extremely difficult job because there is a high risk of corruption; if this happens, only parts of a file can be saved, and the process is not only pricey but also time-consuming.

North Korea may not be behind the cyber-attack on Sony

In the technical section of the report it is mentioned that some of the tools used by the hackers had been compiled in Korean, which leads us to believe that the attack was carried out by North Korea, in an attempt to affect the company because of its support for the comedy “The Interview.”

The movie is about two journalists who get to interview Kim Jong Un and are recruited by the CIA to assassinate the North Korean leader. The Sony movie was labeled an act of war by the media in North Korea, and “a merciless counter-measure” was promised if it were released.

However, a spokesman for the country’s UN mission told the BBC in relation to the cyber-attack on Sony Pictures Entertainment that DPRK (North Korea) was blamed for everything. “I kindly advise you to just wait and see,” he added.

At the moment, the incident is being investigated by the FBI and Sony contracted the forensic expertise of FireEye’s incident response firm, Mandiant.

The attack has been claimed by a group calling itself Guardians of Peace (GoP), who threatened to leak confidential information from SPE, unless a set of demands privately disclosed to the company was met.

“Attribution of these kinds of attacks is always difficult and while it might be tempting to point the finger at North Korea, we need to be prudent,” said Jerome Segura of Malwarebytes via email.

“This could also be an easy way for a different attacker to hide behind this hack which perhaps was a screen smoke with ulterior motives. We now know that the FBI is warning businesses of devastating malware which is nothing short of an open cyber war,” he added.

Image captions: Malware overwrites stored data, including the master boot record. Guardians of Peace (GoP) left a message on Sony employee computers.