War In Ukraine And The Rise Of Destructive Malware

May 19, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently issued a joint Cybersecurity Advisory on destructive malware targeting organizations in Ukraine.

"Destructive Malware Targeting Organizations in Ukraine" discusses WhisperGate and HermeticWiper malware. Although the malware does not threaten the U.S. at this time, the advisory encourages all organizations to assess and strengthen their cybersecurity.

Destructive malware threatens daily operations and the availability of critical assets and data.

The director of CISA stated that the agency has been working with partners to identify and share information on malware that could threaten critical infrastructure in the U.S. following continued denial of service and destructive malware attacks in Ukraine.

The FBI Cyber Division assistant director said they and their partners continue to see malicious cyber activity targeting critical infrastructure and are working to "disrupt and diminish these threats." They ask organizations to "shore up their systems to prevent any increased impediment in the event of an incident."

The Cybersecurity Advisory also includes information on how organizations can detect malware and protect their own networks.

Steps include:

·      Enabling multifactor authentication

·      Setting antivirus and anti-malware software to conduct regular scans

·      Enabling strong spam filters

·      Updating software, and

·      Filtering network traffic.

"CISA and FBI Publish Advisory to Protect Organizations from Destructive Malware Used in Ukraine" www.hstoday.us (Feb. 27, 2022).

 

Commentary

According to the Cybersecurity & Infrastructure Security Agency (CISA), destructive malware is “malicious code that is designed to destroy data.”

Destructive malware exploits existing vulnerabilities for quiet and easy access to systems and can disrupt an organization's daily operations.

Destructive malware spreads through popular communications tools, including via worms sent to email and instant messages, Trojan horses dropped from websites, and malicious files downloaded from peer-to-peer connections.

CISA recommends implementing best practices related to communication flow, access control, monitoring, file distribution, and system and application hardening to increase your resilience to destructive malware.

Organizations can consult CISA’s website for the full list of best practices and take steps to protect your organization from destructive malware. Here is a link to CISA’s “Security Tip (ST13-003): Handling Destructive Malwarewww.cisa.gov (Feb. 01, 2021).

Finally, your opinion is important to us. Please complete the opinion survey:

News

Fake Postal Service Note Infects Devices: How Employers Can Address Phishing Risks

Clicking the link in the phony postal service email delivers an infected Excel file. How can employers fight back? Read More

Synthetic Identities And Ghost Employees

The recent sentencing of a cybercriminal gang in the U.S. highlights growing types of cyber fraud. Learn about the risks. Read More

Facial Recognition Faces Challenges Even Though Passwords Still Present Security Risks

Facial recognition logins on government sites are put on hold for now. Read why passwords continue to remain the default. Read More