U.S. agencies warn Russian malware targeting Ukraine could ‘spill over’ to other countries

Courtesy: CFE Media and Technology

As Russia’s assault on Ukraine worsened last week, fears about global cybersecurity — especially the cyber safety of critical infrastructure — continued to escalate. Russia has been aggressive with cyberattacks in the past, including taking out the Ukrainian power grid in 2014, around the time of the Russian annexation of Crimea.

In response to Russian aggressions, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently issued a joint Cybersecurity Advisory providing an overview of destructive malware that has been used to target organizations in Ukraine, along with guidance on how organizations can detect and protect their networks. The alert, released on Feb. 26, provides information on WhisperGate and HermeticWiper malware, two strains of malware that have recently been used to target organizations in Ukraine.

“In the wake of continued denial of service and destructive malware attacks affecting Ukraine and other countries in the region, CISA has been working hand-in-hand with our partners to identify and rapidly share information about malware that could threaten the operations of critical infrastructure here in the U.S.,” said CISA Director Jen Easterly in the release. “Our public- and private-sector partners in the Joint Cyber Defense Collaborative (JCDC), international computer emergency readiness team (CERT) partners and our longtime friends at the FBI are all working together to help organizations reduce their cyber risk.”

WhisperGate is a new type of wiper malware designed to present as ransomware but without any ransom recovery mechanism. According to Microsoft Threat Intelligence, “It is designed to render targeted devices inoperable rather than to obtain a ransom. It belongs to a destructive malware operation targeting multiple Ukrainian organizations.”

HermeticWiper, another destructive strain of wiper malware, was discovered by ESET and is designed to render infected computers inoperable. This new threat was discovered targeting several Ukrainian organizations directly before the Russian invasion.

According to the Joint Cybersecurity Advisory, there is no specific, credible threat to the United States at this time, but it’s still essential for organizations to assess and bolster their cybersecurity in the face of rising geopolitical tensions. CISA and the FBI recommend the following mitigations to strengthen cyber posture:

  • Enable multifactor authentication;
  • Set antivirus and antimalware programs to conduct regular scans;
  • Enable strong spam filters to prevent phishing emails from reaching end users;
  • Update software; and
  • Filter network traffic.

“The FBI alongside our federal partners continues to see malicious cyber activity that is targeting our critical infrastructure sector,” said FBI Cyber Division Assistant Director Bryan Vorndran. “We are striving to disrupt and diminish these threats, however we cannot do this alone. We continue to share information with our public- and private-sector partners and encourage them to report any suspicious activity. We ask that organizations continue to shore up their systems to prevent any increased impediment in the event of an incident.”

CISA recently updated the Shields Up website to include new services and resources, recommendations for corporate leaders and chief executive officers, and actions to protect critical assets. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats.



