A cyber attack that derailed websites of Iran’s transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called “Meteor.”
Iran’s railroad system came under cyberattack Friday, a semi-official news agency reported, with hackers posting fake messages about train delays or cancellations on display boards at stations across the country.
The hackers posted messages such as “long delayed because of cyberattack” or “canceled” on the boards. They also urged passengers to call for information, listing the phone number of the office of the country’s supreme leader, Ayatollah Ali Khamenei.
On July 9, the Iranian train system was left paralyzed in the wake of a major attack, with the hackers defacing electronic displays to instruct passengers to direct their complaints to the phone number of the Iranian Supreme Leader Ayatollah Ali Khamenei’s office. The incident is said to have reportedly caused “unprecedented chaos” at stations with hundreds of trains delayed or canceled.
Now according to SentinelOne, the infection chain commenced with the abuse of Group Policy to deploy a toolkit that consisted of a combination of batch files orchestrating different components, which are extracted from multiple RAR archives and are chained together to facilitate the encryption of the filesystem, corruption of the master boot record (MBR), and locking of the system in question.
Other batch script files dropped during the attack were found to take charge of disconnecting the infected device from the network and creating Windows Defender exclusions for all of the components, a tactic that’s becoming increasingly prevalent among threat actors to hide their malicious activities from antimalware solutions installed on the machine.
In December of that year, Iran’s telecommunications ministry said the country had defused a massive cyberattack on unspecified “electronic infrastructure” but provided no specifics on the purported attack.
It was not clear if the reported attack caused any damage or disruptions in Iran’s computer and internet systems, and whether it was the latest chapter in the U.S. and Iran’s cyber operations targeting the other.
Iran disconnected much of its infrastructure from the internet after the Stuxnet computer virus — widely believed to be a joint U.S.-Israeli creation — disrupted thousands of Iranian centrifuges in the country’s nuclear sites in the late 2000s.
“We should keep in mind that the attackers were already familiar with the general setup of their target, features of the domain controller, and the target’s choice of backup system (Veeam). That implies a reconnaissance phase that flew entirely under the radar and a wealth of espionage tooling that we’ve yet to uncover.
Cyber Security – Challenges & Solutions
Cyber security poses a bigger threat than any other spectrum of technology. Cybercriminals have already started abusing technology-controlled devices for propelling cyber crimes such as frauds and thefts. With technology protocols, still being developed and evolving at a gradual pace, it is very difficult to avoid such cyber-attacks. IoT plays a dramatic role in shaping the future of technology in India. With IoT now becoming the backbone of various ventures, firms, organization,s and even basic ways of living, it is worrying that India has no dedicated law for IoT and some kind of guidance can be referred from the Information Technology Act, 2000 (IT Act, 2000). The Digital India initiative is driving our country towards a digitized life where the existence will highly depend on elements like cloud computing, 5G in telecom, e-Commerce, etc. it is imperative to keep a check on loose ends.
A few challenges that the technology space faces in cyber security are the following:
Digital Data Threat: Growing online transactions generate bigger incentives for cybercriminals. Besides, establishments looking to mine data—for instance, customer information, results of product surveys, and generic market information—create treasured intellectual property that is in itself an attractive target.
Supply Chain Inter-connection: The supply chains are increasingly interconnected. Companies are urging vendors and customers to join their networks. This makes a company’s security wall thin.
Hacking: This action is penetrating into someone’s system in unauthorized fashion to steal or destroy data, which has grown hundred folds in the past few years. The availability of information online makes it easier for even non-technical people to perform hacking.
Phishing: The easiest to execute and can produce results with very little effort. It is the act of sending out Fake emails, and text messages and creating websites to look like they’re from authentic companies.
AUTHOR
HIMANSHU BHARDWAJ
CYBER SECURITY INTERN
