March Cyber Update

Organisations in Ukraine are the target of destructive malware


Agencies in the US and Australia have published alerts in response to a recent increase in cyber threats to organisations in Ukraine, stating that organisations should take steps to mitigate the threat that currently exists from destructive malware.

In the US, the alert came from the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), which highlighted ‘HermeticWiper’ and ‘WhisperGate’ as the malware in question, deployed with the aim of destroying the computer systems it targets. In Australia, the Australian Cyber Security Centre has identified an additional piece of dangerous malware, ‘IsaacWiper’, which is being used with the same end goal.

The alerts published by these organisations set out steps that they encourage organisations to take to mitigate the risks posed by this malware and boost resilience. The US has also advised that, whilst they are aware of the threats posed as things stand, there could be more disruptive attacks against organisations in Ukraine further down the line, which could potentially have an impact on organisations in other countries.

The NCSC has stated that it isn’t currently aware of any threats to UK organisations, but has also pointed out that in the past, when Ukraine has experienced cyber attacks similar to the current ones, there have been impacts felt by organisations on an international scale. Therefore, the NCSC has urged organisations to follow its guidance on how to act in the event the cyber threat level is increased, which you can read here. In addition to this, it also has guidance on mitigating malware and ransomware attacks.

Organisations urged to implement zero trust properly

During this year’s Cloud and Cyber Security Expo in London, a question was put to the panel: “Given the sheer scale of attacks in businesses with zero trust, why are businesses getting zero trust wrong?” The answer, whilst complicated in nature, can be boiled down to organisations choosing to adopt zero trust as a necessity, after experiencing an attack. However, zero trust only works when implemented properly, and organisations that fail to do so face further threats in the future.

Zero trust has been defined by the NCSC as “an architectural approach where inherent trust in the network is removed, the network is assumed hostile and each request is verified based on an access policy.”

If you’re looking for guidance on how to implement zero trust in an effective manner, or even whether it’s the option that would work best for your organisation, then please read the NCSC’s guidance by clicking here.

Phishing attacks were the biggest threat of 2021

The impact of phishing attacks in 2021 can now be further understood, thanks to the “State of the Phish” report published by Proofpoint, which can be read in more detail by clicking here.

According to the report, 91% of those surveyed were victim to at least one successful email-based phishing attack in 2021, and 84% reported that they were victim to email-based ransomware attacks. Ultimately, 60% of those who had experienced a ransomware attack originating from email phishing had to pay a ransom.

Phishing is now seen to be the biggest cyber threat an organisation faces, no matter the size of that organisation, and with phishing emails becoming more sophisticated and harder to spot, it’s vital that organisations have a set of processes in place to ensure that they are as protected as they can be from these types of attacks.

The NCSC has various resources which can help you understand how to mitigate the risks posed by phishing and ransomware attacks, which I’ll link below.

Phishing attacks: Defending your organisation

Raising staff awareness