During times of modern conflict, how can you secure your business against collateral damage?
It’s a reality that during modern global conflicts, cyber-attacks will rise dramatically. With increasing hostilities in Ukraine, some UK companies should expect to become targets of such attacks. Companies with links to government, highly visible industry-leading brands or those involved in the supply of even slightly sensitive products and services will already be shoring up their cyber defences.
But the risk is indiscriminate, and with new attack types in the form of malware variations or social manipulation, the collateral damage will extend far beyond those targeted.
The National Cyber Security Centre (NCSC), which is part of GCHQ, has issued advice for UK businesses to increase their defences against possible exposure to highly destructive malware issued during this conflict.
So, for any business, it is critical to take pre-emptive measures in anticipation of this surge in cyber-attacks. Preparation is your first and best defence.
NCSC recommended steps include:
- Review system patching and make sure devices, firmware and internet-facing services are all patched.
- Ensure defences are working.
- Accelerate planned improvements which may require you to reprioritise investments.
Further steps include:
- Set up robust inbound policies that include denial of connections from Russia or other nations of risk.
- Implement a layered defence strategy to increase your ability to detect and respond to zero-day attacks or other targeted threats. SonicWall recommends IPS, email security, two-factor authentication and real-time sandboxing, such as Capture ATP with RTDMI.
SonicWall Protections Against Notable Cyber-attacks
SonicWall is proactive in detecting and protecting against known attack types emanating during this conflict. Zero-day attacks are increasingly common, but SonicWall threat defences are well positioned to detect anomalous activity in real time and to protect against disruption to business.
HermeticWiper Malware
This threat was documented by SonicWall on the 22nd February, when it was detected by Capture ATP with RTDMI, as per the SonicAlert "HermeticWiper Data-Wiping Malware Targeting Ukrainian Organizations". All SonicWall firewalls that are part of the Capture ATP network would have been protected against this attack before it was officially discovered.
HermeticWiper Malware Signature Protection
- GAV: HermeticWiper.A (Trojan)
- GAV: HermeticWiper.A_1 (Trojan)
Conti Ransomware
The Conti ransomware gang publicly announced that they would attack any organisation that launched a cyberattack against Russian infrastructure. As such, it’s important that organisations have protection against Conti ransomware. Both SonicWall Capture ATP with RTDMI and active SonicWall firewalls with current signatures are protected from Conti ransomware.
Conti Ransomware Signature Protection
- GAV: Conti.RSM (Trojan)
- GAV: Conti.RSM_2 (Trojan)
- GAV: Conti.RSM_3 (Trojan)
- GAV: Conti.RSM_4 (Trojan)
- GAV: Conti.RSM_5 (Trojan)
- GAV: Conti.RSM_6 (Trojan)
PartyTicket Ransomware
PartyTicket ransomware is believed to be deployed in conjunction with the HermeticWiper malware. SonicWall Capture Labs analyzed it in the SonicAlert "A Look at PartyTicket Ransomware Targeting Ukrainian Systems". The ransomware arrives as an executable Windows file, but overall appears to be unsophisticated ransomware created quickly to take advantage of the current climate.
SonicWall customers are protected from the PartyTicket ransomware variant via the below signature, as well as by real-time Capture ATP with RTDMI and Capture Client endpoint protection.
PartyTicket Ransomware Signature Protection
- GAV: PartyTicket.RSM (Trojan)
Are you protected against zero-day threats?
SonicWall's offsite sandboxing platform, Capture Advanced Threat Protection, is proven to detect and prevent zero-day threats. Does your firewall?
Free SonicWall Firewall Health Check
Have a SonicWall appliance but not sure you're getting the best defence? Give us a call for a free health check.
Capture Advanced Threat Protection
All the latest (Gen7) SonicWall products with an EPSS or APSS (Essential/Advanced Protection Services Suite) licence include CATP, for example the latest TZ Series and the latest NSa models.
CATP is also included with any AGSS licence on older (Gen6) models. Contact us if you are not sure.