FBI warns of 'destructive' malware attack on US companies

The Federal Bureau of Investigation today issued a warning to US businesses that hackers have used malicious software to launch a destructive attack in the United States, following last week's devastating breach at Sony Pictures Entertainment.

Cybersecurity experts said the malware outlined in the alert appeared to describe the one that affected Sony, which would mark first major destructive cyber attack waged against a company on US soil.

Such attacks have been launched in Asia and the Middle East, but none have been reported in the United States. The FBI report did not say how many companies had been victims of destructive attacks.

"I believe the coordinated cyberattack with destructive payloads against a corporation in the US represents a watershed event," Tom Kellermann, chief cybersecurity officer with security software maker Trend Micro, said.

"Geopolitics now serve as harbingers for destructive cyberattacks."

The five-page, confidential "flash" FBI warning issued to businesses late on Monday, provided some technical details about the malicious software used in the attack. It provided advice on how to respond to the malware and asked businesses to contact the FBI if they identified similar malware.

The report said the malware overrides all data on computer hard drives, including the master boot record, preventing them from booting up.

"The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods," the report said.

The document was sent to security staff at a number of US companies in an email that asked them not to share the information.

The FBI released the document in the wake of last Monday's unprecedented attack on Sony Pictures Entertainment, which brought corporate email down for a week and crippled other systems as the company prepares to release several highly anticipated films during the crucial holiday film season.

A Sony spokeswoman said the company had restored a number of important services and was working closely with law enforcement officials to investigate the matter.

She declined to comment on the FBI warning.

The FBI said it is investigating the attack with help from the Department of Homeland Security. Sony has hired FireEye's Mandiant incident response team to help clean up after the attack, a move that experts say indicates the severity of the breach.

While the FBI report did not name the victim of the destructive attack in its bulletin, two cybersecurity experts who reviewed the document said it was clearly referring to the breach at the California-based unit of Sony.

"This correlates with information about that many of us in the security industry have been tracking," said one of the people who reviewed the document. "It looks exactly like information from the Sony attack."

FBI spokesman Joshua Campbell declined comment when asked if the software had been used against Sony.

"The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations," he said. "This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals."

The FBI typically does not identify victims of attacks in those reports.

Hackers used malware similar to that described in the FBI report to launch attacks on businesses in highly destructive attacks in South Korea and the Middle East, including one against oil producer Saudi Aramco that knocked out some 30,000 computers.

Those attacks are widely believed to have been launched by hackers working on behalf of the governments of North Korea and Iran.

Security experts said that repairing the computers requires technicians to either manually replace the hard drives on each computer, or re-image them, a time-consuming and expensive process.

Monday's FBI report said the attackers were "unknown."