Malware Surge ‘Could Indicate Imminent Attack’: Research claims

Written by  May 24, 2018

Cisco has warned of a possibly imminent cyber-attack on the Ukraine, after a strain of what it believes is state-backed malware was found to be rapidly spreading in the country.

Previous malware outbreaks in the Ukraine have spread worldwide, including the June 2017 “NotPetya” attack that UK and US officials said was the most destructive cyber-incident to date.

The malware in question, which Cisco called VPNFilter, has infected at least half a million routers and storage devices in dozens of countries.

Cisco’s Talos computer security unit said it believes the malware is used by the Russian government, because it shares code with malware previously used in cyber-attacks the US government has attributed to Moscow.

Internet shutdown

The malware is capable of monitoring internet traffic, to obtain sensitive details such as login credentials, as well as initiating destructive attacks on industrial networks.

Some versions of VPNFilter “possess a self-destruct capability that overwrites a critical portion of the device’s firmware and reboots the device, rendering it unusable”, Cisco said in an advisory. “We assess with high confidence that the actor could deploy this self-destruct command to most devices that it controls.”

The malware is aimed at collecting intelligence, creating a platform from which to launch attacks and making it difficult for those attacks to be reliably attributed, Cisco said.

Its destructive capability “shows that the actor is willing to burn users’ devices to cover up their tracks, going much further than simply removing traces of the malware”, Cisco wrote.

“If it suited their goals, this command could be executed on a broad scale, potentially rendering hundreds of thousands of devices unusable, disabling internet access for hundreds of thousands of victims worldwide or in a focused region where it suited the actor’s purposes.”

Ukraine targeted

The Ukraine’s SBU state security service said a rapid increase in VPNFilter infections in that country might indicate an attempt to destabilise the Champions League football final due to be held in Kiev on Saturday.

Cisco said an attack could be planned ahead of Ukraine’s Constitution Day on 28 June.

Russia has previously denied allegations by the Ukraine and the US that it operates a large-scale hacking programme.

Moscow has been linked to attacks on the Ukraine that shuttered factories and took out parts of the energy grid in 2015 and 2016. The US alleges Russia was behind hacks that attempted to manipulate the 2016 US presidential elections.

The Cyber Threat Alliance, of which Cisco is a member along with Check Point Software, Fortinet, Palo Alto Networks, Sophos, Symantec and others, issued an alert of its own on VPNFilter, saying the threat should be taken seriously.

VPNFilter infections are spread across at least 54 countries, but surged in the Ukraine on 8 May and 17 May. Routers from Linksys, MikroTik, Netgear and TP-Link are affected.
