The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory this week alerting organizations to destructive malware that is being used to target organizations in Ukraine, alongside the ongoing warnings of increased cyber-attacks against U.S. organizations.
The malware, WhisperGate and HermeticWiper, is used to “destroy computer systems and render them inoperable.” According to researchers, HermeticWiper targets Windows devices.
The Advisory warns that “Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data. Further disruptive cyber-attacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries. Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.”
The advisory provides open-source indicators of compromise for WhisperGate and HermeticWiper that companies can use to detect and prevent the malware. The actions that CISA and the FBI urge companies to take today include:
- Set antivirus and antimalware programs to conduct regular scans.
- Enable strong spam filters to prevent phishing emails from reaching end users.
- Filter network traffic.
- Update software.
- Require multifactor authentication.
The technical details, mitigation actions, and planning considerations are provided in detail in the advisory. The point is that Russia will use all its tools, including cyber-attacks, to disrupt not only Ukraine but also its other adversaries as sanctions are implemented. Staying on top of the advisories from CISA and the FBI is an important way to help understand the risks and prevent them.