Sony Hack: FBI Issues Malware Alert

Dangerous Malware Can Wipe Hard Drives

By Mathew J. Schwartz, December 2, 2014. Follow Mathew J. @euroinfosec

The FBI has sent a confidential "flash" alert to numerous U.S. businesses, warning them that hackers have recently launched a destructive "wiper" malware attack. While the alert doesn't name the victim, numerous information security experts say the malware appears to correspond with the malicious code used in the recent hack attack against Sony Pictures Entertainment.


The FBI alert marks the first time that dangerous wiper malware has been used in an attack against a business in the United States, security experts say. Previous such attacks were seen in the Middle East in 2012 and in South Korea in 2013. Wiper malware is one of the rarest types of malware and "highly destructive," security firm Kaspersky Lab says, because it can wipe hard drives and even BIOS flash memory. Infections can lead to costly and lengthy repairs, and data stored on affected devices is often impossible to restore unless it has been backed up offsite.

The five-page FBI memo was sent directly to information security personnel at some U.S. businesses late on Dec. 1, and included guidance for how to recognize and respond to the malware, Reuters first reported. The FBI requested in the memo that the contents not be shared publicly. But according to press reports, the FBI memo says that while the identity of the attackers is "unknown," some of the malware that's been used in the attacks was built using Korean-language development tools.

The FBI didn't immediately respond to a request for comment about its flash report. But the bureau confirmed Monday that it's assisting in the Sony breach investigation. "The FBI is working with our interagency partners to investigate the recently reported cyber-intrusion at Sony Pictures Entertainment," the FBI says in a statement provided to Variety. "The targeting of public and private sector computer networks remains a significant threat, and the FBI will continue to identify, pursue and defeat individuals and groups who pose a threat in cyberspace."

A group with ties to North Korea is suspected of being responsible for the attack against Sony Pictures, owing to the malware that was employed in the Sony attack being "nearly identical" to attack code employed in the March 20, 2013, "Dark Seoul" attack against South Korean banks and broadcasters, The Wall Street Journal reports, citing anonymous sources with knowledge of the investigation. South Korean officials later reported that they had traced that attack, which used "wiper" malware to delete the contents of an estimated 32,000 PCs, to an IP address located in the North Korean capital of Pyongyang.

Sony didn't immediately respond to a request for comment on the FBI report, or reports that it has hired digital forensic investigation firm Mandiant to investigate and help remediate the attack. But a Sony spokeswoman says the company has "restored a number of important services" and is "working closely with law enforcement officials to investigate the matter," Reuters reports.

Multiple information security experts have connected the FBI alert with the Sony attack. "This correlates with information that many of us in the security industry have been tracking," one individual who reviewed the FBI alert tells Reuters. "It looks exactly like information from the Sony attack."

G.O.P. Hackers Claim Credit