Cybersecurity

FBI cautions U.S. firms of hackers trying to overwrite companies’ data files

Published 4 December 2014

On Monday, several cybersecurity officers of U.S. businesses received a five-page “flash” warning from the FBI to be cautious of hackers that may use malware to overwrite all data on the hard drives of computers, including the master boot record, which prevents the machines from booting up. “The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods,” the warning read.

Introducing malware like DBAN can delete all data on the drive // Source: fzgh.org.cn

The FBI regularly issues cyber alerts to the private sector when it detects or is notified of an intrusion. The Daily Mail quotes an FBI spokesman as saying, “This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals.”

The warning comes after Sony Pictures Entertainment reported last Monday that it had been attacked by the hacking group Guardians of Peace (GOP). The FBI report did not name the businesses that had been victims of the cyberattacks, but many cybersecurity analysts say the descriptions issued by the agency are similar to those of the Sony attack. “This correlates with information about that many of us in the security industry have been tracking,” said a cybersecurity official who received the FBI alert. “It looks exactly like information from the Sony attack.”

The Sony attack resembles similar hacks against companies in South Korea and the Middle East, including a 2012 attack on oil producer Saudi Aramco that shut down roughly 30,000 computers. Some cybersecurity analysts believe those attacks were launched by hackers working on behalf of the governments of North Korea and Iran. The FBI report did note that some of the software used by the hackers had been compiled in Korean, but the agency did not draw any connection to North Korea. “I believe the coordinated cyberattack with destructive payloads against a corporation in the U.S. represents a watershed event,” said Tom Kellermann, chief cybersecurity officer with security software maker Trend Micro Inc. “Geopolitics now serve as harbingers for destructive cyberattacks.”

The attack on Sony crippled the firm’s corporate e-mail accounts, along with other critical operating systems, for a week. Sony has since “restored a number of important services” and is “working closely with law enforcement officials to investigate the matter,” a company spokeswoman told Reuters. While the FBI has help from DHS in investigating the attack, Sony has hired FireEye Inc’s Mandiant incident response team to help clean up its systems.