Destructive Malware Targeting Organizations in Ukraine - Advisory by CISA & FBI

CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine


CISA and the FBI released a joint cybersecurity advisory today that provides helpful information about destructive malware that has been used against organizations in Ukraine. The advisory also includes advice on how to handle such cases.

The advisory, titled "Destructive Malware Targeting Organizations in Ukraine," discusses two types of malware, WhisperGate and HermeticWiper, which were used to target organizations in Ukraine.

It notes that threat actors have deployed destructive malware, including both WhisperGate and HermeticWiper, against organizations in Ukraine to destroy computer systems and render them inoperable. 

On January 15, 2022, the Microsoft Threat Intelligence Center (MSTIC) disclosed that malware, known as WhisperGate, was being used to target organizations in Ukraine.

According to Microsoft, WhisperGate is intended to be destructive and is designed to render targeted devices inoperable.

On February 23, 2022, several cybersecurity researchers disclosed that malware known as HermeticWiper was being used against organizations in Ukraine.

According to SentinelLabs, the malware targets Windows devices, manipulating the master boot record, which results in subsequent boot failure.


In the blog post, CISA says:
 “In the wake of continued denial of service and destructive malware attacks affecting Ukraine and other countries in the region, CISA has been working hand-in-hand with our partners to identify and rapidly share information about the malware that could threaten the operations of critical infrastructure here in the U.S.,” said CISA Director Jen Easterly. “Our public and private sector partners in the Joint Cyber Defense Collaborative (JCDC), international computer emergency readiness team (CERT) partners, and our long-time friends at the FBI are all working together to help organizations reduce their cyber risk.”   

CISA and the FBI strongly urge all organizations to implement the recommendations shared in the advisory to increase their cyber resilience against this threat.

Executives and leaders are also encouraged to review the advisory, assess their environment for atypical channels for malware delivery and/or propagation through their systems, implement common strategies, and ensure appropriate contingency planning and preparation in the event of a cyberattack. 

CISA pointed all users to the Shields Up webpage, which includes new services and resources, recommendations for corporate leaders and chief executive officers, and actions to protect critical assets.

Furthermore, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.  

Mitigation Guides for Handling Destructive Malware

Malware has the capability to target a large scope of systems and can execute across multiple systems throughout a network. As a result, it is important for organizations to assess their environment for atypical channels for malware delivery and/or propagation throughout their systems.

Some immediate actions that can be taken to strengthen cyber posture include:     

  • Enable multifactor authentication;   
  • Set antivirus and antimalware programs to conduct regular scans;   
  • Enable strong spam filters to prevent phishing emails from reaching end-users;   
  • Update software; and   
  • Filter network traffic.    

CISA noted that destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data. It recommends that every organization increase vigilance and evaluate its capabilities, encompassing planning, preparation, detection, and response, for such an event. See the [PDF] version of the advisory.
