Credential Theft: The Key to Shamoon 2 Data Destruction

The problem of stolen credentials is a well-known threat in the security industry. But knowing something is a problem and understanding the full scope are two different things. The Shamoon 2 attacks targeting critical organizations across Saudi Arabia should serve as a clear demonstration about how significant the problem of credential theft is and how taking steps to prevent it can yield truly significant, tangible results in protecting against attacks.

For context, the Shamoon attacks of 2012 and the recent Shamoon 2 attacks of 2016 and 2017 are among the most noteworthy attacks in cybersecurity. They are also among the most shadowy attacks: after five years, we still can’t say for sure who is behind them. And aside from Saudi Aramco – whom former U.S. Secretary of Defense Leon Panetta called out as a target – we can’t say for sure which organizations have been hit by Shamoon and Shamoon 2. There are intimations, insinuations, and even claims that Shamoon and Shamoon 2 are the work of Iranian attackers targeting critical organizations and industries in Saudi Arabia, but they’ve never been fully substantiated.