The CISA and the FBI released a joint Cybersecurity advisory today that provides helpful information about destructive malware which has been used to tamper with organizations in Ukraine. The advisory also includes advice and how to handle such cases.
The Advisory with the title "Destructive Malware Targeting Organizations in Ukraine," discusses the use of two types of malware, WhisperGate malware, and HermeticWiper malware, which were used to target organizations in Ukraine.
It notes that threat actors have deployed destructive malware, including both WhisperGate and HermeticWiper, against organizations in Ukraine to destroy computer systems and render them inoperable.
According to Microsoft, WhisperGate is intended to be destructive and is designed to render targeted devices inoperable.
According to SentinelLabs, the malware targets Windows devices, manipulating the master boot record, which results in subsequent boot failure.
“In the wake of continued denial of service and destructive malware attacks affecting Ukraine and other countries in the region, CISA has been working hand-in-hand with our partners to identify and rapidly share information about the malware that could threaten the operations of critical infrastructure here in the U.S.,” said CISA Director Jen Easterly. “Our public and private sector partners in the Joint Cyber Defense Collaborative (JCDC), international computer emergency readiness team (CERT) partners, and our long-time friends at the FBI are all working together to help organizations reduce their cyber risk.”
CISA and the FBI strongly urge all organizations to implement the recommendations shared on the advisory to increase their cyber resilience against this threat.
Executives and leaders are also encouraged to review the advisory, assess their environment for atypical channels for malware delivery and/or propagation through their systems, implement common strategies, and ensure appropriate contingency planning and preparation in the event of a cyberattack.
CISA pointed all the users to check the Shields Up webpage including new services and resources, recommendations for corporate leaders and chief executive officers, and actions to protect critical assets.
Furthermore, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.
Mitigation Guides for Handling Destructive Malware
As you know that malware has the capability to target a large scope of systems and can execute across multiple systems throughout a network. As a result, it is important for organizations to assess their environment for atypical channels for malware delivery and/or propagation throughout their systems.
Some immediate actions that can be taken to strengthen cyber posture include:
- Enable multifactor authentication;
- Set antivirus and antimalware programs to conduct regular scans;
- Enable strong spam filters to prevent phishing emails from reaching end-users;
- Update software; and
- Filter network traffic.
CISA noted that destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data, they recommend every organization should increase vigilance and evaluate their capabilities, encompassing planning, preparation, detection, and response, for such an event. [PDF] version of the advisory.