Russia is using wipers to cause massive cyber damage

Russia is still trying to create a battlefield in cyberspace, where it attacks its opponents with evil programs called windshield wipersspecies software that “clean” (deletion) the hard drive of the computer it infects, erasing all its data and programs, causing enormous damage to companies or organizations, according to a study by S21sec, a Spanish company specializing in cybersecurity and the global fight against cybercrime.

“Let’s remember that the targets of these attacks are usually public or private sector organizations that always fall into the category of critical infrastructure, such as transport or telecommunications,” he told Dialogue Mario Orellana, consultant and cybersecurity expert with information technology management organization ISACA, El Salvador, August 30, 2022 “If you don’t know or are not sure if what you are doing is enough to protect yourself, then let your guard down and report of vulnerability.”

Exploitation of these vulnerabilities is a common factor in most cyber attacks. During the first half of 2022 alone, S21sec identified 11,925 vulnerabilities. Of these, 2,051 occurred in March.

“These destructive attacks are carried out by government-sponsored APT (Advanced Persistent Threat) groups with strong technical capabilities,” the report said. “The scope of the attack extends to other countries and international organizations that do not actively participate in armed conflicts.”

The 2022 Global Threat Index, released in August by FortiGuard Labs, the intelligence arm of Fortinet, the US cybersecurity company, identified at least seven new types of threats. windshield wipers during the first six months of 2022, used against government, military and private organizations in Ukraine.

The S21sec report emphasizes that the distribution windshield wipers of Russian APT groups represents one of the main threats, due to its destructive cyber potential. Russia’s invasion of Ukraine has seen an increase in the activity of these groups, which are spreading infection campaigns with destructive malware and cyberespionage.

“The large number of cyber threats identified in the first half of 2022 poses a great risk to public and private entities, highlighting the lack of security in the structure of the affected organizations,” explained Sonia Fernández, head of the intelligence team at S21sec. . “The Russian-Ukrainian war is bringing with it a paradigm shift in the cyber landscape, which requires that cyber security becomes a priority for companies and institutions to reduce vulnerabilities while protecting their activities.”

Given the capabilities of Russian APTs and their latest actions in geopolitical dispute scenarios, their activity is likely to remain at a high level with potential cyberattacks and diversification, posing a major risk to critical infrastructure, S21sec warns.

Fortinet emphasizes that malware that restricts access to certain files from groups of computers and demands a ransom in exchange for removing the restriction is the main threat. Telecommuting, which has been promoted since the start of the COVID-19 pandemic, may be a factor in the frequency. In the six months of 2022, 10,666 variants of cyber attacks were recorded, compared to 5,400 in the second half of 2021.

“We do a lot of remote work; most of the time, the devices we use are connected to weakly protected networks,” explained José Laguna, director of engineering at Fortinet Iberia, to the Spanish newspaper. Earth. “The laptop, tablet or work computer you use at home is not connected to the business network, which could also be attacked, but at home these devices are easier to attack and that is why cyber attackers concentrate there. Your efforts.”

Other The EconomistMicrosoft’s Threat Intelligence Center warns that Russia has 128 targets in 42 countries, mostly in Europe and NATO countries.

Because of the above, Orellana emphasizes the importance of implementing short-term, medium-term and long-term actions to detect, protect, react and recover from any type of Russian cyber attack.

“The current situation between Russia and Ukraine will not be the only conflict we will face. Anything that could be aimed at crippling, vulnerable or damaging the country’s key or productive infrastructure is a target,” the Salvadoran expert emphasized. “Countries must delegate someone or an institution within their government structures to manage the crisis. This figure must […] they promote asset protection, detect anomalies, react and recover from any attack.”

Leave a Reply

Your email address will not be published. Required fields are marked *