The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned US organizations that data wiping attacks targeting Ukraine could spill over to targets in other countries.
The two federal agencies issued this warning in the form of a joint cybersecurity advisory published over the weekend following the unwarranted Russian invasion of Ukraine.
Although the two malware strains covered by the advisory, HermeticWiper and WhisperGate, have only been deployed against Ukrainian networks so far, the threat actors deploying them could also accidentally hit other targets, and US organizations should be ready to prevent such devastating attacks.
“Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries,” CISA and the FBI stated.
“Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.”
The warning comes on the heels of malware attacks against Ukraine using the HermeticWiper malware and ransomware decoys with the end goal of destroying data on targets’ devices and rendering them unbootable.
Ukraine was hit in January by another series of attacks deploying the WhisperGate wiper malware disguised as ransomware.
Data wiping attack mitigation
The joint advisory shares HermeticWiper and WhisperGate malware information and indicators of compromise (IOCs) to help organizations detect and block such malware.
It also provides guidance and measures to take as part of network architecture, security baseline, continuous monitoring, and incident response practices.
“Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data,” the advisory warns.
“Organizations should increase vigilance and evaluate their capabilities, encompassing planning, preparation, detection, and response, for such an event.”
The list of measures organizations should take as an immediate defense against such attacks includes:
- Setting antivirus and antimalware programs to conduct regular scans.
- Enabling strong spam filters to prevent phishing emails from reaching end users.
- Filtering network traffic.
- Updating software.
- Requiring multi-factor authentication.
A comprehensive list of potential distribution vectors to monitor and block, as well as best practices and planning strategies, can be found at the end of the joint advisory.
The FBI and CISA also encouraged organizations to preserve forensic data for internal investigations or possible law enforcement investigations and report any associated incidents.