Ukraine has suffered more data-wiping malware than anywhere else, ever

Amid the tragic death toll of Russia’s brutal and catastrophic invasion of Ukraine, the effects of the Kremlin’s long-running campaign of destructive cyberattacks on its neighbor have often been treated, rightly, as an afterthought. But after a year of war, it is clear that the cyber war Ukraine has endured over the past year represents, in a way, the most active digital conflict in history. Nowhere else in the world has been targeted with more samples of data-destroying code in a single year.

Ahead of the one-year anniversary of Russia’s invasion, cybersecurity researchers from Slovakian cybersecurity firm ESET, network security firm Fortinet, and Google-owned incident response firm Mandiant independently found that in 2022, Ukraine saw far more specimens of “wiper” malware than in any previous year of Russia’s long-running cyber war against Ukraine. Or, for that matter, any other year, anywhere. This does not necessarily mean that Ukraine has been hit harder by Russian cyberattacks than in past years; in 2017, Russian military intelligence hackers known as Sandworm released the massively destructive worm NotPetya. But the growing volume of destructive code hints at a new type of cyber warfare that has accompanied Russia’s physical invasion of Ukraine, with an unprecedented pace and diversity of cyberattacks.

“In terms of the number of separate wiper malware samples,” says Anton Cherepanov, ESET’s senior malware researcher, “this is the most intense use of wipers in the history of computing.”

Researchers say they are seeing Russian state-sponsored hackers launch an unprecedented variety of data-destroying malware at Ukraine, in a kind of Cambrian explosion of wipers. They have found specimens written in a wide variety of different programming languages, and using different techniques to destroy the code of target machines, from corrupting the partition tables used to organize data, to repurposing Microsoft’s SDelete command-line tool, to overwriting files wholesale with junk data.

In total, Fortinet counted 16 different “families” of wiper malware in Ukraine over the past 12 months, up from just one or two in previous years, even at the height of Russia’s cyberwarfare before its full-scale invasion. “We’re not talking, like, doubling or tripling,” says Derek Manky, head of Fortinet’s threat intelligence team. “It’s an explosion, order of magnitude.” This variety, according to the researchers, is possibly a sign of the large number of malware developers Russia has assigned to target Ukraine, or of Russia’s efforts to create new variants that can stay one step ahead of Ukraine’s detection tools, especially as Ukraine has beefed up its cybersecurity defenses.

Fortinet also found that the increasing volume of wiper malware specimens hitting Ukraine may be creating a more global proliferation problem. As those malware samples have shown up on the VirusTotal malware repository or even the open source repository GitHub, Fortinet researchers say their network security tools have detected other hackers reusing those wipers against their own targets in 25 countries around the world. “Once this payload is developed, anyone can take it and use it,” Manky says.
