CyberTalk

Data wiping cyber attacks could be next, CISA warns

EXECUTIVE SUMMARY:

The Cybersecurity and Infrastructure Security Agency (CISA) warns US organizations to strengthen their cyber security posture against potential data-wiping attacks, which have recently been observed targeting Ukrainian government agencies and businesses.

Late last week, Ukrainian government agencies and corporate groups contended with coordinated cyber attacks involving website defacement and data-wiping malware. As a result, certain Windows devices became inoperable.

More information

Sources informed cyber security journalists that attackers may have leveraged the CVE-2021-32648 vulnerability in conducting their virtual raids. The Ukraine Cyber Police are working on a new investigation into the use of Log4j vulnerabilities and stolen credentials as a secondary avenue of network and server access.

Initially, the website defacements and data-wiping malware incidents appeared as separate attacks. However, Ukraine has since issued a press release stating that entities were hit by both threats simultaneously, strongly suggesting attack coordination.

Some security experts attribute the attacks to Ghostwriter, a state-sponsored cyber criminal group with links to Belarus.

How US organizations can prepare

CISA urges business leaders and US-based organizations to proactively take the following steps to reduce the likelihood of similar attacks hitting their networks.

  1. Ensure that all remote access to your organization’s network and privileged or administrative access require multi-factor authentication.
  2. Prioritize updates that address known exploited vulnerabilities.
  3. Disable ports and protocols that are not critical for business functionality.
  4. For organizations that rely on cloud services, ensure that IT personnel have reviewed and implemented strong controls.
  5. Register for CISA’s freely available cyber hygiene services, which include vulnerability scanning and can help minimize exposure to threats.

Additional resilience measures

CISA also suggests that organizations review and test backup procedures pertaining to the storage and restoration of critical data. Data backups should be isolated from network connections.

In addition, if reliant on industrial control systems or operational technology, organizations may wish to conduct a test of manual controls. This will help ensure that critical systems remain operable in the event of a network disruption.
