Defense against file-based malware – GCN

From the time the Russian invasion of Ukraine began on Feb. 24, cybersecurity has been top of mind for government agencies at every level – federal, state and local.

In March the White House issued a statement by President Joe Biden warning of potential cyberattacks backed by the Russian government and targeted at U.S. public- and private-sector organizations. The Cybersecurity and Infrastructure Security Agency (CISA), for its part, issued a rare Shields Up warning about potential cyberattacks from Russia, advising that “every organization – large and small – must be prepared to respond to disruptive cyber incidents.”

File-based cyber disruption

Among the most chilling forms of cyberattack perpetrated by Russia-backed threat actors is wiper malware.

Wipers are often delivered through file-based attacks in which the attacker entices users to open common file types such as .DOCX and .PDF. When the document is opened, it runs a macro that installs a digitally signed binary that rewrites the master boot record, corrupting it and erasing all data on the infected drive – a nightmare scenario for any organization.
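The defender's counterpart to the macro-bearing document described above, added here as an example that is not code from the GCN article or from any product it mentions: a Python script that detects the VBA project inside an OOXML (.docm/.xlsm/.pptm) container and rebuilds the package without it, which is the simplest form of the content disarm and reconstruction (CDR) approach the article names below. The sample document is constructed inline with a placeholder in place of a real vbaProject.bin; the part names, relationship types and content types are the standard OOXML ones, and the assumption is that the file is a plain zip package rather than an encrypted or legacy binary (.doc) file.

```python
"""Minimal content disarm and reconstruction (CDR) for OOXML packages:
find the VBA macro parts in a macro-enabled document and rebuild the
package without them (added example, not the article's own code)."""
import io
import re
import zipfile

# Constructed sample parts: just enough of a macro-enabled Word document to
# exercise the detection and stripping logic. Real files carry many more parts.
SAMPLE_CONTENT_TYPES = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
    '<Override PartName="/word/document.xml" '
    'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
    '</Types>'
)
SAMPLE_DOCUMENT_RELS = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
    '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
    '</Relationships>'
)
SAMPLE_DOCUMENT_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
    '<w:body><w:p><w:r><w:t>Quarterly report</w:t></w:r></w:p></w:body></w:document>'
)

# Main-part content types that mark a package as macro-enabled, mapped to the
# macro-free equivalents the disarmed package is rewritten to.
MACRO_FREE_MAIN_TYPES = {
    "application/vnd.ms-word.document.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.presentationml.presentation.main+xml",
}

# Zip entries that carry VBA code, its metadata, or its signature.
MACRO_PART_RE = re.compile(
    r"(?:^|/)(vbaProject\.bin|vbaData\.xml|vbaProjectSignature\.bin)$", re.IGNORECASE)


def build_sample_docm():
    """Build the constructed macro-enabled sample as zip bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", SAMPLE_CONTENT_TYPES)
        z.writestr("word/_rels/document.xml.rels", SAMPLE_DOCUMENT_RELS)
        z.writestr("word/document.xml", SAMPLE_DOCUMENT_XML)
        z.writestr("word/styles.xml",
                   '<w:styles xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        # Placeholder standing in for a real OLE2 VBA container; it holds no macro code.
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 56)
    return buf.getvalue()


def part_names(data):
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.namelist()


def read_part(data, name):
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.read(name).decode("utf-8")


def find_macro_parts(data):
    """Return the zip entries that hold VBA code or its metadata."""
    return [n for n in part_names(data) if MACRO_PART_RE.search(n)]


def disarm(data):
    """Rebuild the package without its macro parts and fix up the package
    metadata so the result is a consistent macro-free document."""
    macro_parts = set(find_macro_parts(data))
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name in macro_parts:
                continue  # drop the macro container itself
            payload = src.read(name)
            if name == "[Content_Types].xml":
                text = payload.decode("utf-8")
                # Remove the vbaProject default mapping, any Override for a dropped
                # part, and downgrade the main part to its macro-free content type.
                text = re.sub(r'<Default [^>]*ContentType="application/vnd\.ms-office\.vbaProject"[^>]*/>', "", text)
                for part in macro_parts:
                    text = re.sub(r'<Override PartName="/' + re.escape(part) + r'"[^>]*/>', "", text)
                for macro_type, plain_type in MACRO_FREE_MAIN_TYPES.items():
                    text = text.replace(macro_type, plain_type)
                payload = text.encode("utf-8")
            elif name.endswith(".rels"):
                # Drop relationships that pointed at the macro parts.
                text = payload.decode("utf-8")
                text = re.sub(r'<Relationship [^>]*Type="[^"]*/(?:vbaProject|vbaData)"[^>]*/>', "", text)
                payload = text.encode("utf-8")
            dst.writestr(name, payload)
    return out.getvalue()


if __name__ == "__main__":
    sample = build_sample_docm()
    print("macro parts before:", find_macro_parts(sample))
    print("macro parts after: ", find_macro_parts(disarm(sample)))
```

The design point is that stripping vbaProject.bin alone leaves a package whose content types and relationships still reference a part that no longer exists, which Office flags as corrupt; rewriting the main part's content type is what turns a .docm into a consistent .docx. A production CDR pipeline would go further (flatten embedded OLE objects, DDE fields and external links, and re-render PDFs), but the detection half of this script is already enough to quarantine macro-enabled attachments at a mail gateway.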

In the runup to Russia’s invasion of Ukraine, threat actors targeted Ukrainian enterprises and government agencies with multiple wiper attacks. These included HermeticWiper, which manipulates the master boot record and results in a boot failure. WhisperGate not only corrupts the master boot record and encrypts files but also displays a ransomware message. Affected files are unrecoverable, however, even if the ransom is paid.

CISA warns that even if the cyberattacks in Ukraine aren’t targeted at other nations, they can easily spill over and circulate around the world. A likely way that will occur is through phishing campaigns. In fact, more than 90% of successful cyberattacks begin with a phishing email.

Safer content through CDR

Security-focused organizations like CISA and the FBI recommend practical steps to mitigate against file-based attacks. These include turning on strong spam filters to prevent phishing emails from reaching employees and configuring antivirus software to perform frequent scans to protect against known…