On February 24, only hours before Russia launched its invasion of Ukraine, Microsoft discovered a new malware program, which it called “FoxBlade.” As fears of malware fallout from the conflict have become increasingly widespread, a number of cybersecurity companies have introduced precautionary measures for possible victims.
In the hours leading up to the invasion, the Microsoft Threat Intelligence Center (MSTIC) observed a fresh wave of offensive and destructive cyberattacks aimed at Ukraine’s digital infrastructure. The company notified the Ukrainian authorities as soon as it became aware of the problem and gave technical guidance on how to prevent the malware from succeeding.
“Within three hours of the discovery of this new vulnerability, signatures to identify this new exploit had been created and uploaded to our Defender anti-malware service, assisting in the defense against this new threat,” Microsoft said.
“We have provided Ukrainian authorities with threat information and defensive recommendations in recent days about assaults on a variety of targets, including Ukrainian military institutions and factories as well as various other Ukrainian government bodies,” the statement said. “This work is still in progress.”
Due to the increasing intensity of cyberwarfare in Ukraine, a Lithuania-based cybersecurity business, Surfshark, has created a film that shines a light on the hazards of cyberwarfare and provides people with practical advice on how to defend themselves.
In response to the conflict, cybersecurity company Vectra AI is providing a variety of free cybersecurity tools and services to businesses that believe they may be attacked as a consequence of the fighting. The information requested on this form must be provided by all interested parties.
Cyberattacks on bank websites and ATMs, as well as military computer networks, have taken down critical infrastructure in recent days. In recent years, disinformation efforts intended to incite fear have spread via cellphone networks. In this fight, Vectra said, any kind of business might be targeted by a cyberattack at any time.
In the words of Hitesh Sheth, president and CEO of Vectra AI, “escalating cyber warfare will have unintended effects.” It is impossible for any public or private institution to be content with being a mere observer.
Everyone at Risk
Surfshark’s Aleksandr Valentij, the company’s chief information security officer, agreed that potential cyber threats are escalating worldwide.
“After Russia invaded Ukraine on February 24, cyber warfare has become more widespread throughout the world. The ability to confine cyberattacks to specific geographic areas is difficult, and there is always a considerable risk of collateral harm to practically any nation on the earth,” he said.
Valentij recommended that all computer users take the following practical mitigating actions to protect themselves:
- Any strange behavior, particularly phishing efforts, should be taken much more seriously. Phishing attacks continue to be the most frequent kind of cybercrime, with every third online crime victim falling victim to one.
- To prevent malware infection, do not download files from unfamiliar or unsafe HTTP sites.
- Maintain the most recent version of all your applications.
- Make backups of your most vital data to ensure that you are protected in the event of a cyberattack of the “wiper” kind. Malware of this kind, designed to delete data from Ukrainian financial institutions and government contractors, was identified recently.
- Use anti-virus, a virtual private network (VPN), and firewall software to keep your internet surfing safe, and avoid overusing communication channels, which may be more prone to crashing during this difficult period.
- Maintain a cool and collected demeanor and do not panic. As propaganda emerges, it is important to be cautious of anything you read or see on the internet.
“The Petya malware assault in 2016 would serve as an excellent illustration of a comparable situation. Even though it was intended mainly for Ukraine, it caused widespread devastation throughout the world,” Valentij said.
Vectra AI provides the following services free of charge to those who need immediate support in the present emergency:
- Examine the Microsoft Azure Active Directory and Microsoft Office 365 infrastructures for indicators of malicious activity.
- Monitor AWS infrastructure for signs of active attacks, with detection and response capabilities for both the network and control plane of AWS accounts.
- Identify and investigate indicators of an attack on network infrastructure, both in the cloud and on-premises, including the deployment of Vectra sensors, which are specifically designed to identify malicious activities.
- Retain historical information to assist with incident response investigations based on indicators of compromise (IOCs) for particular attack variants.
According to Microsoft, the recent and continuing intrusions have been precisely targeted. The company’s malware researchers had not come across the use of the indiscriminate malware technology that was used in the 2017 NotPetya assault, which swept across Ukraine’s economy and beyond its borders.
Nonetheless, recent assaults against Ukrainian civilian digital targets, including the banking sector, agricultural sector, emergency response agencies, humanitarian relief operations, and organizations and corporations in the energy sector, have drawn the company’s attention.
According to Brad Smith, Microsoft’s president and vice chairman, “these strikes on civilian targets raise severe concerns under the Geneva Convention.” Smith wrote on the company’s blog on Monday about the attacks.
Before the invasion, researchers observed a few attempts that appeared to be tests ahead of more sophisticated attacks, according to Hank Schless, senior manager for security solutions at cloud security startup Lookout.
“While there has been very little information released regarding FoxBlade, it seems that Microsoft is implying that the persons responsible for its creation intended to use it to attack key infrastructure in Ukraine,” he told Dailion.
FoxBlade is a trojan that is placed on computers so that Distributed Denial of Service (DDoS) attacks can be launched from those systems. As Nathan Einwechter, director of security research at Vectra, pointed out, Microsoft’s blog does not make this fact explicitly clear.
The target environments themselves are not infected with the malware. Instead, it is deployed on as many potential targets of opportunity as is reasonably feasible.
Once enough systems have been taken over, the infected machines can be coordinated to knock the actual target (i.e., Ukrainian critical infrastructure) off the internet by flooding its public network connections with more traffic than they can handle, he explained to the news outlet Dailion.
Russian state threat groups are well known for using attacks like these, as well as ransomware operations, to create a diversion that conceals more direct efforts to enter target systems. On the other hand, if an adversary is unable to infiltrate a target’s network, it may resort to DDoS attacks to impair the target’s capacity to continue operating during the course of the attack, according to Einwechter.