Researchers with Cisco Talos have broken down the WhisperGate wiper malware used in Ukraine to deface websites, noting similarities between the ‘WhisperGate’ dubbed malware and the previously seen NotPetya wiper. Cisco Talos reports that while there are similarities, WhisperGate has more capabilities ‘designed to inflict additional damage’ using multiple wipers to successfully attack different modern systems.
Saryu Nayyar, CEO and Founder, Gurucul had this comment:
Cisco Talos recommends this mitigation strategy:
Cisco Talos supports the recommendations made by CISA that organizations with interests in the area carefully monitor and isolate systems with connections to Ukraine due to the ongoing challenges they face. This mirrors the recommendations we made in 2017 shortly after NotPetya and our analysis of the malware’s effects.
If that’s you, I would take their advice and run with it.
UPDATE: Chris Olson, CEO, The Media Trust had this to say:
“New reports on the ‘WhisperGate’ malware prove that global cyber actors are becoming more sophisticated, more dangerous and better at evading detection. As web-based attacks become increasingly intertwined with political motives, we expect a rise in similar incidents targeting government agencies, big corporations and critical infrastructure.”
“It’s crucial for decision makers to realize that Web is a powerful threat vector: more powerful than email, and other traditional channels for cyberattacks. Going forward, continuous monitoring of digital assets is the only way to stay safe, collect evidence, and keep up with a constantly shifting cyber landscape.”
UPDATE #2: Bryson Bort, Founder & CEO, SCYTHE had this to say:
“WhisperGate reflects the gray area of destruction and disruption that nation state actors use as a lever in realpolitik: in this case, Russia is using these tactics because there is no reprisal they fear from Ukraine and her allies while making a clear threat of more. Expect more. And, the rest of us can only hope the collateral damage is contained.”