There are reports this week that Saudia Arabia has been hit again with the Shamoon malware used in a cyber attack on its oil industry in 2012.
Symantec researchers said the latest variant remains largely unchanged from the previous version which was designed to clear the master boot records and replace them of an image with a burning U.S. flag, according to a Nov. 30 blog post.
The latest version instead displays a photo of the body of Alan Kurdi, the three year-old Syrian refugee who drowned last year in the Mediterranean.
Although the source and motive for the attacks have yet to be confirmed, some reports contend the attack appears to have come from Iran, which was responsible for the 2012 attacks, according to Bloomberg.
The thing that should be most shocking here is that after the 2012 attack, Saudi systems can (apparently) still be attacked with the same malware, “largely unchanged.”
This is not evidence of the Iranians’ cyber prowess, but rather, a failure of the Saudis to learn from and respond effectively to the first attack. This kind of thing is too often the case in the world of cyber conflict. The case of Sony comes to mind.