WannaCry malware was first discovered in May 2017 and a patch was released roughly two months prior to its public release. However, 230,000 computers were globally affected by WannaCry as of 3/31/2021. It is unfortunate to hear, but many companies remain vulnerable to this attack due to unpatched systems. We often see that by the time some companies update their systems, they have already experienced a breach.
CISA recently advised U.S. business leaders to protect their companies from destructive malware that has been seen targeting Ukraine. This emphasizes the importance of having the right technologies in place. The automated detection and protection capabilities of the CrowdStrike Falcon platform protect customers from this malware, provide them with visibility into their environments and allow for intelligent monitoring of cloud resources.
Though the level of fear of Covid 19 has diminished, there are other fears surrounding the 2022 Olympic games. Fears of telecom disruptions and ransomware attacks are founded, and the damage that could be caused has increased with the reliance on technology to broadcast the Games, which kicks off on February 4. Organizers are preparing for the kind of cyberattack that temporarily paralyzed IT systems ahead of the official opening ceremonies of the 2018 Pyeongchang Winter Olympics in South Korea.
Threat actors go to great lengths to hide the intentions of the malware they produce. For instance, binaries are often encrypted or packed. Typically, encrypting binaries is enough to thwart automated analysis platforms such as Cuckoo or other automated malware sandboxes. The implication is that automated detection of malicious programs might not be successful.
In November 2021, AT&T Alien Labs™ first published research on our discovery of new malware written in the open-source programming language Golang. The team named this malware “BotenaGo.” In this article, Alien Labs is updating that research with new information.
A new destructive malware called WhisperGate was discovered in mid-January 2022 targeting Ukrainian organizations. This threat emerged during geopolitical conflicts in Ukraine, masquerading as ransomware. However, this malware has a more destructive nature: wiping files and corrupting disks to prevent the OS from loading. Ukraine has suffered other cyberattacks that seem to be connected to WhisperGate, such as the defacement of many websites connected to their governments.
In my decade working in the cybersecurity industry, I’ve developed quite a few fond memories learning from talented security professionals. In 2015, I found myself working with Andy Pendergast at ThreatConnect. (As a little background, Andy is one of the fine folks who developed the Diamond Model for Intrusion Analysis. He is considered to be a veritable cybersecurity encyclopedia among his peers.) At the time, I was new to cyber threat intelligence (CTI).
On June 23, 2021, threat actors reported that they had stolen a terabyte of data from Saudi Aramco, a state-owned oil company in Saudi Arabia. The threat actors released samples of data they had procured after redacting critical information. They also claimed to have detailed information on Aramco’s employees, such as their full names, photographs, passport scans, emails, phone numbers, residence permit (Iqama card) numbers, job titles, employee ID numbers, and family information.
