{"id":18362,"date":"2022-02-25T04:30:14","date_gmt":"2022-02-25T12:30:14","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/02\/25\/news-12095\/"},"modified":"2022-02-25T04:30:14","modified_gmt":"2022-02-25T12:30:14","slug":"news-12095","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/02\/25\/news-12095\/","title":{"rendered":"Windows is in Moscow\u2019s crosshairs, too"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2020\/02\/cyberattack-100833874-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Preston Gralla| Date: Fri, 25 Feb 2022 03:00:00 -0800<\/strong><\/p>\n<p style=\"font-weight: 400;\">Russia telegraphed its intentions to invade Ukraine well ahead of this week\u2019s attack by massing nearly 200,000 soldiers along Ukraine\u2019s borders, and by Vladimir Putin\u2019s increasingly belligerent threats.<\/p>\n<p style=\"font-weight: 400;\">Behind the scenes, Russia was doing more than that, including dangerous cyberattacks launched against Ukraine. And as is typically the case in such attacks, Windows was the attack vector.<\/p>\n<p style=\"font-weight: 400;\">\u201cWe\u2019ve observed destructive malware in systems belonging to several Ukrainian government agencies and organizations that work closely with the Ukrainian government,\u201d Tom Burt, Microsoft corporate vice president for customer security and trust, <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2022\/01\/15\/mstic-malware-cyberattacks-ukraine-government\/\" rel=\"nofollow noopener\" target=\"_blank\">wrote in a blog post<\/a> in mid-January. 
\u201cThe malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable.\u201d In a <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/01\/15\/destructive-malware-targeting-ukrainian-organizations\/\" rel=\"nofollow noopener\" target=\"_blank\">related technical post detailing how the malware works<\/a>, Microsoft added: \u201cThese systems [under cyberattack] span multiple government, non-profit, and information technology organizations, all based in Ukraine.\u201d<\/p>\n<p style=\"font-weight: 400;\">Notably, money was not the object of the attacks. Instead, the attackers wanted to destroy systems and data. And they succeeded. The malware attacked Windows-based systems, overwriting Master Boot Records (MBR) with a ransom note. Microsoft explains, \u201cThe MBR is the part of a hard drive that tells the computer how to load its operating system.\u201d<\/p>\n<p style=\"font-weight: 400;\">After the infection, \u201cthe malware executes when the associated device is powered down,\u201d Microsoft said. \u201cOverwriting the MBR is atypical for cybercriminal ransomware. In reality, the ransomware note is a ruse and the malware destructs MBR and the contents of the files it targets.\u201d (The malware attacks files in other ways as well.)<\/p>\n<p style=\"font-weight: 400;\">The attacks, in essence, were the first act of war against Ukraine; they likely presage more to come now that full-on war has begun.<\/p>\n<p style=\"font-weight: 400;\">Just before Russia\u2019s invasion, another \u2014 possibly more dangerous \u2014 cyberattack against Ukraine arose, <a href=\"https:\/\/www.ciodive.com\/news\/botnets-data-wiping-malware-ukraine\/619373\/\" rel=\"nofollow noopener\" target=\"_blank\">according to CIODive<\/a>; that attack uses WatchGuard firewall appliances to spread malware. 
John Hultquist of Mandiant Threat Intelligence told CIODive, &#8220;In light of the crisis in Ukraine, we are very concerned about this actor, who has surpassed all others we track in terms of the aggressive cyberattacks and information operations they have conducted. No other Russian threat actor has been so brazen and successful in disrupting critical infrastructure in Ukraine and elsewhere.&#8221;<\/p>\n<p style=\"font-weight: 400;\">The same post also warns about a new piece of malware targeting Windows machines in Ukraine: HermeticWiper, whose sole purpose is to destroy data (also by targeting their MBR).<\/p>\n<p style=\"font-weight: 400;\">There\u2019s reason to believe more is coming. \u201cU.S. authorities have warned for months about the potential collateral damage of a Russian military incursion into Ukraine,\u201d CIODive reported. \u201cThe new cyber activity could ricochet through multinational businesses, supply chains and key infrastructure facilities, like transportation, energy and healthcare.\u201d<\/p>\n<p style=\"font-weight: 400;\">In a similar vein, <a href=\"https:\/\/www.cybersecuritydive.com\/news\/ukraine-russia-cyber-threat\/618084\/\" rel=\"nofollow noopener\" target=\"_blank\">CybersecurityDive<\/a> explained how cyberattacks can quickly spread and compound each other. \u201cAs international pressure grows over Russia&#8217;s conflict with Ukraine, major U.S. enterprises \u2014 particularly those operating critical infrastructure \u2014 are in the crosshairs of a nation-state military standoff that could easily spill onto the cyber terrain. Russia, largely isolated by the United States and key NATO allies, has demonstrated the will and ability to leverage a sophisticated arsenal of cyber capabilities from its military intelligence arm and a range of proxies from the country&#8217;s criminal underground.\u201d<\/p>\n<p style=\"font-weight: 400;\">US government officials believe the US will also be targeted. 
Earlier this month, ABC News <a href=\"https:\/\/abcnews.go.com\/Politics\/dhs-warns-russian-cyberattack-us-responds-ukraine-invasion\/story?id=82441727\" rel=\"nofollow noopener\" target=\"_blank\">cited a US Department of Homeland Security note<\/a> that warned: &#8220;We assess that Russia would consider initiating a cyberattack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security.\u201d<\/p>\n<p style=\"font-weight: 400;\">Given Putin\u2019s apparent paranoia, there\u2019s little doubt he believes US and NATO responses to the invasion \u2014 including sanctions and other forms of economic pain \u2014 will threaten Russia\u2019s long-term national security. So, we can expect attacks to begin at any point.<\/p>\n<p style=\"font-weight: 400;\">What does this mean for business? Plenty. With Russian cyberattacks against the United States, even if your company doesn\u2019t operate critical infrastructure or have anything to do with finances or security, it will be in the crosshairs. When wide-ranging attacks are launched, they take on a life of their own and target any business they can.<\/p>\n<p style=\"font-weight: 400;\">If companies haven\u2019t already undertaken stepped-up security precautions, they\u2019re already late. It\u2019s time to harden your outer defenses. Patch every system that can be patched. Check Microsoft\u2019s security bulletins. Teach your staff how to recognize email-borne and mobile-borne attacks.<\/p>\n<p style=\"font-weight: 400;\">And recognize that this is just the beginning. This war is just the first in which cyberattacks will accompany real-world damage. Given humankind\u2019s penchant for warfare, more wars will follow. 
And Windows, because of its widespread use, will remain a key target.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3651490\/windows-is-in-moscow-s-crosshairs-too.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2020\/02\/cyberattack-100833874-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Preston Gralla| Date: Fri, 25 Feb 2022 03:00:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p style=\"font-weight: 400;\">Russia telegraphed its intentions to invade Ukraine well ahead of this week\u2019s attack by massing nearly 200,000 soldiers along Ukraine\u2019s borders, and by Vladimir Putin\u2019s increasingly belligerent threats.<\/p>\n<p style=\"font-weight: 400;\">Behind the scenes, Russia was doing more than that, including dangerous cyberattacks launched against Ukraine. And as is typically the case in such attacks, Windows was the attack vector.<\/p>\n<p style=\"font-weight: 400;\">\u201cWe\u2019ve observed destructive malware in systems belonging to several Ukrainian government agencies and organizations that work closely with the Ukrainian government,\u201d Tom Burt, Microsoft corporate vice president for customer security and trust, <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2022\/01\/15\/mstic-malware-cyberattacks-ukraine-government\/\" rel=\"nofollow noopener\" target=\"_blank\">wrote in a blog post<\/a> in mid-January. 
\u201cThe malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable.\u201d In a <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/01\/15\/destructive-malware-targeting-ukrainian-organizations\/\" rel=\"nofollow noopener\" target=\"_blank\">related technical post detailing how the malware works<\/a>, Microsoft added: \u201cThese systems [under cyberattack] span multiple government, non-profit, and information technology organizations, all based in Ukraine.\u201d<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3651490\/windows-is-in-moscow-s-crosshairs-too.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,24580,10525],"class_list":["post-18362","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-small-and-medium-business","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18362","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18362"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18362\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18362"}],"wp:term":[
{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18362"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18362"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}