The Cybersecurity and Infrastructure Security Agency (CISA) urges U.S. organizations to strengthen their cybersecurity defenses against data-wiping attacks recently seen targeting Ukrainian government agencies and businesses.
As reported by BleepingComputer, Ukrainian government agencies and corporate entities suffered coordinated cyberattacks last Friday in which websites were defaced and data-wiping malware was deployed to corrupt data and render Windows devices inoperable.
Sources told cybersecurity journalist Kim Zetter that the attackers likely conducted the website defacements using the CVE-2021-32648 vulnerability in the OctoberCMS platform. The Ukraine Cyber Police say they are investigating the use of Log4j vulnerabilities and stolen credentials as another means of access to the networks and servers.
CNN also reports that a Ukrainian IT services company that helped develop many of these sites was a victim as well, raising concerns about a supply-chain attack.
The website defacements and data-wiping malware attacks were originally thought to be different attacks. However, Ukraine issued a press release yesterday stating that entities were hit by both attacks, leading them to believe they were coordinated.
“Thus, it can be argued with high probability that the interface (replacement of displayed information) of websites of attacked government agencies and destruction of data by Viper are part of a cyber attack aimed at causing as much damage to the infrastructure of state electronic resource,” the Ukraine government announced yesterday.
Ukraine blames these attacks on Russia, with some security experts attributing the attacks to Ghostwriter, a state-sponsored hacking group with ties to Belarus.
CISA is now urging business leaders and U.S. organizations to take the following steps to prevent similar destructive attacks on their networks.
“This CISA Insights is intended to ensure that senior leaders at every organization in the United States are aware of critical cyber risks and take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise,” warns a new CISA Insights bulletin.
“All organizations, regardless of sector or size, should immediately implement the steps outlined below.”
While CISA’s recommendations are in response to the recent cyberattacks on Ukraine, the following suggested steps are also good advice to prevent any network intrusion, including those leading to ransomware attacks.
CISA also recommends that cybersecurity and IT personnel read its recent bulletin on mitigating Russian state-sponsored cyber threats to U.S. critical infrastructure.