Over the last two days, a wave of cyberattacks has reportedly hit Ukrainian computers, including targeted distributed denial-of-service (DDoS) attacks on government websites and a new malware found on hundreds of computers.
Update: February 25, 2022 – Existing Armis customers can scroll to the end of this blog post for additional insights on how to leverage the Armis Platform to discover malicious/anomalous activity in their environment.
Cybersecurity company ESET reported that a new data wiper malware was found to be installed on hundreds of compromised computers.
ESET’s research team said that, based on the malware’s timestamp, the attacks could have been in preparation for several weeks or months. ESET named the malware HermeticWiper after the Cypriot company, Hermetica Digital, to which the malware’s code-signing certificate was found to have been issued.
HermeticWiper can erase all data from the system it has infected. One thing that makes this malware so dangerous is that once data has been deleted, it cannot be recovered. This malware differs from most in that it doesn’t steal information; it just destroys it. The malware can even corrupt system recovery tools, leaving no traces of the attack.
A joint report issued by U.K. and U.S. intelligence agencies claims that a new malware dubbed Cyclops Blink, believed to be built by the Russian hacker group Sandstorm, has replaced the earlier VPNFilter malware that infected more than half a million routers in 2018.
The report was published yesterday by the U.K. National Cyber Security Centre, the U.S. Cybersecurity and Infrastructure Security Agency, the U.S. National Security Agency, and the Federal Bureau of Investigation.
The agencies said that the malware, which has been circulating for at least three years, is “sophisticated and modular with basic core functionality to beacon device information back to a server to enable files to be downloaded and executed”.
The new version of the malware is said to be even more sophisticated: “There is also functionality to add new modules while the malware is running, which allows Sandstorm to implement additional capability as required.”
Events such as these are becoming more frequent, as malware, ransomware, and other malicious software are leveraged by nation-state attackers worldwide as instruments of modern cyber warfare. These attacks and many like them make headlines on a daily basis, and their implications can be heard, if not felt, globally.
Every organization is at risk of cyber threats that can disrupt essential services and even result in impacts to public safety. In the past year alone, cyber incidents have impacted many companies, non-profits, and other organizations, large and small, across multiple industries and segments of the economy.
Understanding your organization’s risk exposure is crucial for planning and implementing mitigation strategies. There are a few different security solutions that can detect and/or protect against these cyber threats. However, each of these solutions provides standalone protections and addresses different threat aspects. In order to truly understand your security posture, you need to have a full picture of your current assets, their state, their vulnerabilities, and security controls.
This requires the ability to gather data from different IT and security tools, and analyze it to get contextual intelligence about the assets at risk. This will help you understand:
Without this data, it would be very difficult and time consuming to respond to emerging threats. It would also be difficult to take proactive measures to improve cyber hygiene and reduce your attack surface.
Want to know how Armis can help? Sign up for a free asset visibility assessment to see the power of contextual asset intelligence: https://www.armis.com/the-armis-quick-asset-visibility-assessment/
If you don’t have access to Armis Asset Intelligence Platform, here are a number of recommended steps to improve your cyber hygiene:
Asset discovery is the first step to a successful cybersecurity strategy. Security teams need to know what they have across the operational and enterprise environments in order to assess their risk posture.
Organizations also need to identify when devices behave unexpectedly, which might indicate they are compromised. Calculating a risk score for each device helps security teams prioritize vulnerabilities and take proactive steps to minimize the attack surface.
Real-time monitoring of assets and traffic is crucial to active threat discovery. Passive monitoring ensures that your network, systems, and devices are continuously tracked without disruption.
Organizations also need real-time policy enforcement and automated remediation to isolate devices, trigger alerts, and initiate software updates. Generate segmentation policies to reduce exposure to threats.
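The four steps above (discover assets passively, flag unexpected behaviour, score each device, and turn the result into an enforcement action) can be illustrated end to end on a small set of flow records. The following is an added example written for this post; it is not Armis code and does not use the Armis Platform or AQL. The flow records, the authoritative asset list, the internal network range, the port baseline and the scoring weights are all constructed for the example. Beaconing is detected as the kind of regular callback to an external server that the Cyclops Blink description above refers to.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed passive-monitoring flow records (not real telemetry):
# (timestamp_seconds, src_ip, dst_ip, dst_port)
FLOWS = [
    (0,    "10.0.1.5",  "10.0.1.10",    445),
    (50,   "10.0.1.5",  "203.0.113.10", 443),
    (100,  "10.0.1.5",  "10.0.1.10",    445),
    (120,  "10.0.1.5",  "10.0.1.10",    22),
    (0,    "10.0.1.23", "198.51.100.7", 8443),
    (300,  "10.0.1.23", "198.51.100.7", 8443),
    (600,  "10.0.1.23", "198.51.100.7", 8443),
    (900,  "10.0.1.23", "198.51.100.7", 8443),
    (1200, "10.0.1.23", "198.51.100.7", 8443),
    (640,  "10.0.1.23", "10.0.1.10",    3389),
]

# Constructed authoritative asset list (e.g. a CMDB export), internal range
# and the ports the environment normally uses. All placeholders.
KNOWN_ASSETS = {"10.0.1.5", "10.0.1.10"}
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
BASELINE_PORTS = {53, 80, 443, 445}


def is_internal(ip):
    """Explicit range check; Python's is_private also covers the
    documentation ranges used here, so it is not used on purpose."""
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def build_inventory(flows):
    """Step 1, asset discovery: every talking device, learned passively."""
    inv = defaultdict(lambda: {"first_seen": None, "last_seen": None,
                               "peers": set(), "ports": set()})
    for ts, src, dst, port in sorted(flows):
        a = inv[src]
        a["first_seen"] = ts if a["first_seen"] is None else a["first_seen"]
        a["last_seen"] = ts
        a["peers"].add(dst)
        a["ports"].add(port)
    return dict(inv)


def detect_beacons(flows, min_events=4, max_jitter=0.1):
    """Step 2, unexpected behaviour: evenly spaced callbacks to an
    external host (low relative standard deviation of the gaps)."""
    series = defaultdict(list)
    for ts, src, dst, port in flows:
        if not is_internal(dst):
            series[(src, dst, port)].append(ts)
    beacons = []
    for key, stamps in series.items():
        stamps.sort()
        if len(stamps) < min_events:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            beacons.append(key)
    return beacons


def risk_scores(inventory, beacons, known=KNOWN_ASSETS, baseline=BASELINE_PORTS):
    """Step 3, a per-device risk score with constructed weights, capped at 100."""
    beaconing = {src for src, _, _ in beacons}
    scores = {}
    for ip, a in inventory.items():
        score = 0
        if ip not in known:
            score += 40          # device missing from the authoritative inventory
        if ip in beaconing:
            score += 30          # regular callbacks to an external server
        score += 10 * len(a["ports"] - baseline)   # each port outside the baseline
        scores[ip] = min(score, 100)
    return scores


def segmentation_policy(scores, threshold=50):
    """Step 4, enforcement: isolate devices at or above the threshold."""
    return [{"device": ip, "action": "isolate", "score": s}
            for ip, s in sorted(scores.items()) if s >= threshold]


if __name__ == "__main__":
    inv = build_inventory(FLOWS)
    beacons = detect_beacons(FLOWS)
    scores = risk_scores(inv, beacons)
    for ip in sorted(inv):
        status = "known" if ip in KNOWN_ASSETS else "UNKNOWN"
        print(f"{ip:12} {status:8} ports={sorted(inv[ip]['ports'])} score={scores[ip]}")
    print("beacons:", beacons)
    print("policy:", segmentation_policy(scores))
```

On the constructed input, 10.0.1.23 is absent from the asset list, calls 198.51.100.7 every 300 seconds and uses two ports outside the baseline, so it scores 90 and is the only device the policy isolates; the known workstation 10.0.1.5 scores 10 for a single SSH connection. In a real deployment the flow records would come from a network tap or NetFlow export and the asset list from the CMDB, and the weights would be tuned to the environment.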
Armis is here to help
If you’d like to consult with our experts, or see a demo of the Armis Asset Intelligence Platform, contact us today (https://www.armis.com/demo/).
Update for existing Armis customers:
It is expected that additional cyber attacks will expand globally, and we realize that existing Armis customers will want to know how to utilize Armis to look for these attacks and respond appropriately. While we cannot anticipate every attack situation or company business risk profile, we can give some insight into the type of Armis queries (AQL) that may help our customers start looking for active threats in their environment that could point to malicious activity due to the ongoing threat presented.
Referencing the CISA alert released on Feb 16, 2022, CISA has identified areas that are expected threats but are not necessarily all-encompassing.
For the vast majority of our customers these areas would likely be of concern:
Below are examples of Armis queries which might be helpful in looking for malicious/anomalous activity. Please note that the queries below include a time frame of 7 days. If a customer decides to use these queries as policies, please ensure that the 7-day time frame is removed prior to saving as a policy.
If you have any questions, please reach out to your Customer Success Manager or Technical Account Manager for assistance. Armis is here to help.