News Insights: Malware Attack on Ukraine

journalofcyberpolicy

Hugh Taylor | journalofcyberpolicy.com »

In a blog published Saturday, Microsoft says it has discovered  a destructive malware being used to corrupt systems of multiple organizations in Ukraine. Microsoft Threat Intelligence Center (MSTIC) first discovered the ransomware-like malware on January 13.

Research Insights:
Saryu Nayyar
Saryu Nayyar, CEO, Gurucul

“As noted, this is not atypical ransomware as it overwrites the master boot record. Nation state threat actors usually have three objectives, spying for intelligence, intellectual property theft, and disruption/destruction. Clearly this is the latter as these threat actor groups aren’t interested in simple financial gain. What is of note is the malware propagates through publicly available code used for lateral movement and execution. Part of that execution is downloading of file corruption software from a Discord channel. This is where it is critical to employ adaptive machine learning and behavioral detection found in true next generation SIEMs identifying the lateral movement and connection attempts to Discord. In addition, identity and access analytics are extremely useful here to determine unusual or unauthorized remote access. The combination of the two goes beyond sifting through traditional IoCs that can easily be missed or escalated by traditional SIEMs or XDR tools.”

 

Eric Milam, VP Research and Intelligence, BlackBerry

“The latest cyberattack on Ukraine may be a manifestation of tensions over Crimea but it is also a reminder of the power of Russian cyber threats internationally. My own team’s investigation and prevention of these Russian threats, such as Dr. REvil, has revealed that it is crucial for organisations and government to learn how to protect against state-sponsored cyber attacks as a matter of highest priority. As government agencies collect and share more digital information, they must develop a comprehensive, integrated approach to security to protect highly confidential data and communication. This can be done through AI-based threat prevention, enabling a Zero Trust security environment which continuously validates that trust at every event or transaction to authenticate users.”

Malware Attack on Ukraine

Malware Attack on Ukraine
External Link: News Insights: Malware Attack on Ukraine

Share this page:

Related Posts