What's New :
What's New :

info@iasscore.in

8448496262

हिन्दी

GS Analyst: Daily Current Affairs

28th February 2022 (6 Topics)
facebook sharing button
telegram sharing button
whatsapp sharing button
twitter sharing button
twitter sharing button Copy
1 Feb
2 Feb
3 Feb
4 Feb
5 Feb
7 Feb
8 Feb
9 Feb
10 Feb
11 Feb
12 Feb
14 Feb
15 Feb
16 Feb
17 Feb
18 Feb
19 Feb
21 Feb
22 Feb
23 Feb
24 Feb
25 Feb
26 Feb
28 Feb

The Hermetic Wiper malware that targeted Ukraine

Context

Several Ukrainian computers and websites faced cyberattacks by a destructive data-wiper malware hours before Russia began its military assault in the country

About

About Hematic Wiper Malware:

  • Hematic Wiper or data wiper malware can erase all the data from the system that it has infected.
  • The thing that makes this malware dangerous is that the data once deleted, the data cannot be recovered.
  • This malware is quite different from most of the malware out there as it doesn’t steal information, it just destroys it.
  • The malware can even attack the system recovery tools without leaving any traces of the attack.
  • Several cybersecurity experts believe the infections from the malware have spread widely.

Some specific characteristics of Hematic Wiper malware:

  • Attacks are highly targeted:
  • So far, the HermeticWiper attacks have been highly targeted. 
  • Specifically, the distribution of the wiper does not seem to be leveraging supply chain vulnerabilities or other “super-spreader” techniques to scale the attacks.
  • This means that infection will not quickly spill to other geographies.
  • Deployment requires privileged admin rights:
  • The wiper leverages high privileges on the compromised host to make the host “unbootable” by overriding the boot records and configurations, erasing device configurations and deleting shadow copies (backups).
  • Similar tactics were observed in the 2017 NotPetya ransomware attacks, which also targeted Ukrainian infrastructure initially.
  • Active Directory can be used as a launchpad:
  • In one reported case, the wiper software deployed using Active Directory group policy, which means the threat actors had privileged access to Active Directory.
  • This scenario is more commonly used in targeted, human-operated incidents, such as the 2021 Kaseya ransomware supply chain attack.
  • Identity compromise is critical:
  • It appears that the wiper is configured to NOT encrypt domain controllers. This allows the domain to keep running, enabling the wiper software to utilize valid credentials to authenticate to servers and encrypt those.
  • This highlights the critical role of identity in these attacks.
  • By stealing or abusing the identities and credentials of employees or authorized third parties, threat actors can access the target network and/or move laterally.

Malware:

  • Malware, or malicious software, is any program or file that is harmful to a computer user.
  • Malware includes computer viruses, worms, Trojan horses and spyware.
  • These malicious programs can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users' computer activity without their permission.

 

Other terms related to it

  • Virus: Viruses attach themselves to clean files and infect other clean files. They can spread uncontrollably, damaging a system’s core functionality and deleting or corrupting files.
  • Trojans: This kind of malware disguises itself as legitimate software, or is included in legitimate software that has been tampered with. It tends to act discretely and create backdoors in your security to let other malware in.
  • Spyware: It hides in the background and takes notes on what you do online, including your passwords, credit card numbers, surfing habits and more.
  • Worms: Worms infect entire networks of devices, either local or across the internet, by using network interfaces. It uses each consecutive infected machine to infect more.
  • Ransomware: Also called scareware, this kind of malware can lock down computer and threaten to erase everything — unless a ransom is paid to its owner.
  • Adware: Though not always malicious in nature, particularly aggressive advertising software can undermine security just to serve ads — which can give a lot of other malware a way in.
  • Botnets: Botnets are networks of infected computers that are made to work together under the control of an attacker.

More Articles

Saudi Aramco finds new gas fields in four regions
International Relations Bilateral relations
Russian space agency’s threat on International Space Station amid Ukraine crisis
Science & Technology Space
What is SWIFT, what shutting Russia out of it means
International Relations Bilateral relations
National Science Day being celebrated to commemorate discovery of Raman Effect
Science & Technology IT and Communication
With Russia-Ukraine conflict, comes inflation challenge
International Relations
X

Verifying, please be patient.

GS SCORE is a teaching platform for Civil Services Examination, both in classroom and online.

Our Center

Delhi (Karol Bagh) Centre

GS SCORE, Second Floor, Metro Tower, 1B, Pusa Road,
Karol Bagh, New Delhi - 110005 (Beside Karol Bagh
Metro Station Gate No. 8)

Email: info@iasscore.in

Phone: +91 8448496262

COURSES

TOPPER'S CORNER

RESOURCES

STATE PCS

ACTIVITY

POLICY

Still Have Questions?

84484 96262
Enquire Now