Beware of These War-related Malware
March 14, 2022
By Rhia Prajes
As the crisis gets higher between Russia and Ukraine, it caused significant effects globally including private businesses such as financial institutions and IT companies. While deterrence was imposed against Russia all over the world, US government officials advised businesses, after Biden announced sanctions, to look out for ransomware attacks which could lead to the disruption of critical services at this pressing time. While the private-public partnership initiates solutions for these possible cyberattacks, it is imperative for businesses to not only become fully aware of these potential threats but also cover their vulnerabilities.
Here is a summarized list of crisis-related malware from the beginning of 2022 and how to protect your valuable IT assets.
Crisis-Related Malware
FoxBlade Wiper: Hours before Russia began its aggression to Ukraine last February 24, Microsoft detected malware targeting Ukraine. This Distributed Denial of Service (DDoS) Attack’s aim was to collectively attack Ukraine by flooding uncontrollable traffic to the target’s public network connections. FoxBlade targets Ukraine’s military institution, manufacturers, government agencies, financial sectors, energy, agriculture, and humanitarian aid, thus, its objective is to cripple economic and national security.
HermeticWiper Attack: This is a destructive malware that targets Windows devices and manipulates MBR (Master Boot Record) which results in ensuing boot failure. HermeticWiper leveraged into three destructive attacks: (1) Wipe the data; (2) HermeticWizard for spreading on the local network; and (3) HermeticRansom used as the ransomware. It was found out that FoxBlade is actually HermeticWiper due to the exploits having the same file verification.
IsaacWiper Attack: The IsaacWiper attack was detected by a Slovak cybersecurity firm ESET, as the second malware after the HermeticWiper attack. Threat actors drop the latest version of the wipe malware with debug logs. They also used a tool, Impacket, to move laterally, and Remcom, a remote access tool.
GhostWriter Attack: An attack that hacks public figures’ email accounts and uses that to compromise communications and social media accounts. Though threat actors have been active in Ukraine for the past two months, there is a possibility that it directly could attack NATO countries in response to the sanctions imposed.
Protect your valuable assets
To protect your organization from the dangers of Wiper attacks and other ransomware related to this issue, it is equally important to educate users and to understand how threat actors’ various methods work. The following ways can help your organization combat malware like Wiper attacks:
- Update Malware Protection and ensure Backup and Recovery. Having malware protection like the Microsoft Defender for Office 365 provides additional protection against specific types of advanced threats through its email filtering service. With an additional license, the Safe Attachments feature also protects against unknown malware through behavior analysis; providing zero-day protection to secure your messaging system. Securing and managing systems with up-to-date patching and isolating legacy systems ensure business continuity. In addition, having a Backup and Recovery system like redundant storage help secure real-time synchronization of your workloads to the cloud.
- Detection and Protection. Creating a proactive defense against new and evolving threats to forecast your threat risks and implement proactive changes in your security policy helps combat Wiper. Wiper attacks can easily change systems; thus, it is important to leverage cloud-based security technology that has a multi-level view of the IT environment. Logging of key functions, having a multi-factor authentication, and reviewing all authentication activities for remote access infrastructure will further protect your systems from any cyber threats.
- Create solid security models. Attaining a secured and safe environment is the responsibility of all the key players in an organization. For instance, applying for least privilege access, and securing the most sensitive and privileged credentials would reduce the vulnerabilities and threats. Educating users on the threats and vulnerabilities and how threat actors work, will surely protect all the critical IT environments. Assume Breach, Principle of Least-Privileged, and Zero-Trust are a few of the security models an organization can embark on to safeguard its assets.
There is no certainty as to when this crisis will be over, and it requires a combined effort of all the key players to combat the effects of the imminent danger of cyberthreats. With these ongoing issues in cybersecurity, it is necessary to work well with a reliable IT Partner so your business can protect both your IT environment and your shareholder’s welfare.