Russia had telegraphed its intention to invade Ukraine shortly before this week’s attack by massing nearly 200,000 troops along the Ukrainian border, and through increasingly belligerent threats from Vladimir Putin.
Behind the scenes, Russia has been doing much more, including launching dangerous cyberattacks against Ukraine. And as is typical in such attacks, Windows is the attack vector.
“We have observed destructive malware in the systems of a number of Ukrainian government agencies and organizations that work closely with the Ukrainian government,” Tom Burt, Microsoft Corporate Vice President for Security and Customer Trust, wrote in a blog post in mid-January. “The malware is disguised as ransomware but, if activated by an attacker, will render the infected computer system inoperable.” In a related technical post detailing how the malware works, Microsoft adds: “These systems [under cyberattack] include a variety of government, nonprofit and information technology organizations, all of which are based in Ukraine.”
Notably, money is not the object of the attacks. Instead, the attackers want to destroy systems and data. And they succeeded. The malware attacked Windows-based systems, overwriting the Master Boot Record (MBR) with a ransom note. Microsoft explains, “The MBR is the part of the hard drive that tells the computer how to load its operating system.”
Once infected, “the malware executes when the device involved is powered off,” Microsoft said. “MBR overwriting is not typical for cybercriminal ransomware. In fact, the ransomware note is a ruse and this malware will destroy the MBR as well as the contents of the files it targets.” (The malware also attacks files in other ways.)
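Because the note replaces the boot record itself, a raw copy of sector 0 is enough to spot this kind of overwrite. The following is an added example, not code from Microsoft or from this article: a heuristic check that relies only on the standard MBR layout (partition table at offset 446, `0x55AA` signature at offset 510). The 64-byte text threshold and both sample sectors are assumptions constructed for illustration.

```python
import struct

PRINTABLE = set(range(0x20, 0x7F)) | {0x0A, 0x0D}

def longest_text_run(data: bytes) -> int:
    """Length of the longest run of printable ASCII bytes in data."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b in PRINTABLE else 0
        best = max(best, cur)
    return best

def check_mbr(sector: bytes, max_text: int = 64) -> list:
    """Return findings for one 512-byte sector 0 image (empty list = nothing odd)."""
    if len(sector) != 512:
        return ["not a 512-byte sector"]
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    used = 0
    for i in range(4):  # four 16-byte partition entries start at offset 446
        entry = sector[446 + 16 * i:462 + 16 * i]
        if entry == bytes(16):
            continue  # unused slot
        used += 1
        if entry[0] not in (0x00, 0x80):  # status must be inactive or bootable
            findings.append(f"partition {i}: invalid status byte {entry[0]:#04x}")
    if used == 0:
        findings.append("no partition entries in use")
    run = longest_text_run(sector[:446])  # boot-code area holds only short strings
    if run > max_text:
        findings.append(f"{run}-byte printable text run in boot code area")
    return findings

# Constructed samples (not taken from any real disk or malware).
_boot = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x00Invalid partition table\x00"
         b"Error loading operating system\x00Missing operating system\x00")
_part = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff",
                    2048, 1_000_000)
HEALTHY = _boot.ljust(446, b"\x00") + _part + bytes(48) + b"\x55\xaa"
NOTE = b"CONSTRUCTED SAMPLE NOTE: your disk has been locked, pay to recover. "
OVERWRITTEN = (NOTE * 8)[:510] + b"\x55\xaa"  # text laid over code and table

if __name__ == "__main__":
    for name, img in (("healthy", HEALTHY), ("overwritten", OVERWRITTEN)):
        print(name, check_mbr(img) or "ok")
```

The overwritten sample keeps a valid boot signature, which is why the check also examines the partition table and the boot-code area rather than trusting the signature alone.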
The attacks were, in essence, the first act of the war against Ukraine; they could presage much more to come now that full-scale war has begun.
Just before the Russian invasion, another, possibly more dangerous, cyberattack broke out against Ukraine, according to CIODive. That attack uses WatchGuard firewall appliances to deliver malware. Mandiant Threat Intelligence’s John Hultquist told CIODive, “In light of the crisis in Ukraine, we are very concerned about this actor, who has outpaced all others we monitor in terms of the cyberattacks and active disinformation operations they have conducted. No other Russian threat actor has so brazenly and successfully disrupted critical infrastructure in Ukraine and elsewhere.”
The same post also warns of a new piece of malware targeting Windows machines in Ukraine: HermeticWiper, whose sole purpose is to destroy data (also by targeting the MBR).
There’s reason to believe more is coming. “US authorities have been warning for months about the possibility of collateral damage as Russian troops infiltrate Ukraine,” CIODive reported. “New cyber activity could erupt through multinational enterprises, supply chains, and critical infrastructures, such as transportation, energy, and healthcare.”
In a similar vein, CybersecurityDive explained how cyberattacks can quickly spread and combine. “As international pressure mounts over Russia’s conflict with Ukraine, large American businesses – especially those that operate critical infrastructure – are at the edge of an international military status quo. The nation-state can easily spill over into the network topography. Russia, largely isolated by the United States and its NATO allies, has demonstrated the will and ability to leverage a sophisticated cyber arsenal from its military intelligence arm and a host of proxies from the underground criminal forces of this country.”
US government officials believe the US will also be a target. Earlier this month, ABC News quoted a note from the US Department of Homeland Security: “We assess that Russia will consider launching a cyberattack against the Homeland if it perceives the US or NATO’s response to Russia’s possible invasion of Ukraine as threatening its long-term national security.”
Given Putin’s apparent paranoia, he no doubt believes that US and NATO responses to the invasion – including sanctions and other forms of economic harm – will threaten Russia’s long-term national security. So we can expect attacks to start at any time.
What does this mean for business? A lot. With Russian cyberattacks targeting the United States, even if your company doesn’t operate critical infrastructure or has nothing to do with finances or security, your company will be in trouble. When large-scale attacks are launched, they take on a life of their own and target any business they can.
If companies haven’t taken extra security precautions, it’s too late. It’s time to strengthen your outer defenses. Patch every patchable system. Check out Microsoft’s security bulletins. Teach your employees how to recognize email and mobile attacks.
And realize that this is just the beginning. This war is just the first where cyberattacks will come with real-world damage. Given humanity’s penchant for war, many wars will follow. And Windows, because of its widespread use, will remain the primary target.
Copyright © 2022 IDG Communications, Inc.
https://www.computerworld.com/article/3651490/windows-is-in-moscow-s-crosshairs-too.html#tk.rss_all