Microsoft Detects Lurking Malware On Ukrainian Computers (bdnews24.com)
"Microsoft warned on Saturday evening that it had detected a highly destructive form of malware in dozens of government and private computer networks in Ukraine," reports the New York Times, "that appeared to be waiting to be triggered by an unknown actor...."
The Times reports that the malware "bears some resemblance" to NotPetya, the widespreading 2017 malware which "American intelligence officials later traced to Russian actors."
The discovery comes in the midst of what the Times earlier called "the security crisis Russia has ignited in Eastern Europe by surrounding Ukraine on three sides with 100,000 troops and then, by the White House's accounting, sending in saboteurs to create a pretext for invasion."
Long-time Slashdot reader 14erCleaner shares the Times' latest report: In a blog post, [Microsoft] said that on Thursday — around the same time government agencies in Ukraine found that their websites had been defaced — investigators who watch over Microsoft's global networks detected the code. "These systems span multiple government, nonprofit and information technology organizations, all based in Ukraine," Microsoft said.... The code appears to have been deployed around the time that Russian diplomats, after three days of meetings with the United States and NATO over the massing of Russian troops at the Ukrainian border, declared that the talks had essentially hit a dead end....
Microsoft said that it could not yet identify the group behind the intrusion, but that it did not appear to be an attacker that its investigators had seen before. The code, as described by the company's investigators, is meant to look like ransomware — it freezes up all computer functions and data, and demands a payment in return. But there is no infrastructure to accept money, leading investigators to conclude that the goal is to inflict maximum damage, not raise cash.
It is possible that the destructive software has not spread too widely and that Microsoft's disclosure will make it harder for the attack to metastasize. But it is also possible that the attackers will now launch the malware and try to destroy as many computers and networks as possible.... Warnings like the one from Microsoft can help abort an attack before it happens, if computer users look to root out the malware before it is activated. But it can also be risky. Exposure changes the calculus for the perpetrator, who, once discovered, may have nothing to lose in launching the attack, to see what destruction it wreaks.
So far there is no evidence that the destructive malware has been unleashed by the hackers who placed it in the Ukrainian systems....
The new attack would wipe hard drives clean and destroy files. Some defense experts have said such an attack could be a prelude to a ground invasion by Russia. Others think it could substitute for an invasion, if the attackers believed a cyberstrike would not prompt the kind of financial and technological sanctions that [U.S. President] Biden has vowed to impose in response.
Ukraine's Ministry of Digital Development issued a statement that "All evidence indicates that Russia is behind the cyberattack. Moscow continues to wage a hybrid war and is actively building up its forces in the information and cyberspaces." While the Associated Press reported the statement, the Times notes that the ministry provided no evidence, "and early attribution of attacks is frequently wrong or incomplete."
But the Times also cites U.S. national security adviser Jake Sullivan as saying "If it turns out that Russia is pummeling Ukraine with cyberattacks, and if that continues over the period ahead, we will work with our allies on the appropriate response."
Highly destructive form of malware (Score:4, Funny)
It's called Windows.
Re: (Score:2)
Linux malware sees 35% growth during 2021 [bleepingcomputer.com]
Re:Highly destructive form of malware (Score:5, Insightful)
Linux malware sees 35% growth during 2021 [bleepingcomputer.com]
Which is nearly identical to Windows’ numbers [av-test.org] if you care to do the math. Windows grew from 90.75 million pieces of recognized malware in 2020 to 116.91 million in 2021, which is a roughly 29% increase.
Beware growth statistics absent any context. Anytime you see them being used that way, they’re almost always being deliberately abused to create a sense of alarm or to otherwise engage in clickbait behavior. A 35% increase may be massive...or it may mean an increase of one. We need context to make sense of numbers and ensure that others aren’t "lying with statistics".
Re: (Score:2)
Linux achieves the same level of malware growth as Windows. Truly, this is the year of the Linux Desktop!
Re: (Score:2)
Linux malware sees 35% growth during 2021 [bleepingcomputer.com]
Which tells us absolutely nothing. 1 malware attack becoming 2 would be a 100% increase. Yet I'm pretty sure we'd all agree that two malwares for an OS wasn't all that bad...
Keep posting the yellow journalism, you idiot.
Re: (Score:2)
Linux malware sees 35% growth during 2021 [bleepingcomputer.com]
So basically from "almost nothing" to "almost nothing"? Scary....
Re: (Score:2)
I'm almost 100% certain you have no idea what is really going on. Just admit it and stop trying to gin up "inconsistencies" you think you see.
Re: The fella is smoking something... (Score:1)
Re: (Score:2)
I do not know what is going on. Any opinion I may have is uninformed. Maybe we ought to wait and see.
Re: (Score:3)
"Microsoft warned on Saturday evening that it had detected a highly destructive form of malware in dozens of government and private computer networks in Ukraine," reports the New York Times, "that appeared to be waiting to be triggered by an unknown actor...."
> So who is this unknown actor?
It's... so hard to say
> We need something
A regional player
> Specifically?
An Asia-european regional player
> More specifically?
An Indo-asia-european regional player
> That's broader. I sorta need a country
An unaligned player
> How about a country? Just one?
I wouldn't want to raise tensions
> Where?
In this room
> You know what, I'll name one, and you just nod.... Russia!
(Vigorous nodding)
(Cribbed from "Utopia").
Not sure (Score:2, Funny)
But isn't malware always lurking in the background?
Re: (Score:2)
Yeah, news would be if they found a country that *didn't* have malware lurking on its computers.
Are we ready for Cyber WWIII? (Score:2)
Assume that Russia is doing a massive cyber attack on Ukraine and then sends troops across the border... Should the US institute counter-cyber attacks as a core part of our (less than sending troops into battle) response? And then are we ready for Cyber WWIII?
Re:Are we ready for Cyber WWIII? (Score:4, Insightful)
Should the US institute counter-cyber attacks as a core part of our (less than sending troops into battle) response?
It really depends on the target. If we are going after a government then it's likely already part of procedure as a tactical option. However, it doesn't have much of a place in asymmetric warfare because it's much better as a tool for intelligence gathering.
There is nothing "core" about electronic warfare, it's just another tactic.
Re: (Score:1)
Re: (Score:2)
this x 1000. However Ukraine doesn't want to be invaded and their best ally in that quest are NATO countries, so effectively they are now in NATO (sans votes or other benefits)
Bullshit. You just pull that out of your ass? Yes, yes you did.
Who the fuck are you to declare that Ukraine is now effectively in NATO? Has any government leader said such? Again, no.
Countering Putin's disinformation (Score:5, Informative)
Bullshit. It does [wikipedia.org]:
Now that you've been educated, will you revise your sources of information?
Re: (Score:2, Interesting)
2) Like the title says it was the "Security Assurance" meaning that it is a political expression. If it had been a "security guarantee" there would have been more of a case that the US has responsibility to act.
3) It was more a written agreement that Clinton would not attack the other named countries.
4) If this actually had any substance it would have mattered back when Russia invaded Ukraine a few years ago. Besides a few people talking about how russ
Re: (Score:1)
Senate's approval is America's internal matter — Ukraine has received its assurances and upheld its end of the stick.
Whether it has "force" — and what would it mean, anyway, without an independent judge and a contract-enforcement apparatus — the obligation to help exists, much as Putin's propagandons would like Americans to believe otherwise.
Re: (Score:2)
And now you ask NK and Iran etc. to give up nuclear weapon ambitions when they see what happens to the "assurances" when an attack happens or seems imminent. Ukraine already lost a chunk of its country to one of those giving an assurance. The others involved have made some noises and put up some ineffective sanctions (it does not hit the people in charge since they have workarounds and enough wealth to insulate themselves; it may hit the normal people).
NK/Iran will be crazy to cut down on their nuclear plans
Free pen testing! (Score:3)
If Ukraine is wise about this, they will use this as an opportunity to plug many different vulnerabilities, thereby leaving their systems more secure than before.
Re: (Score:2)
So they'll be moving off Winders then? Ah, if only they are wise enough.
Re: Free pen testing! (Score:2)
Re: Free pen testing! (Score:4, Insightful)
True and you will probably get modded down for not taking the opportunity to trash Windows.
So I should be quiet that my Windows machines updated and killed my VPN to a remote site that would be life-threatening to try to get to at this point?
Killed my NTP as well. Fortunately, my Linux and MacOS machines are still working. But hey - Don't trash Windows!
Y'all folks keep saying that Windows is just as secure as Linux - Prove it.
Then after you are done showing that Windows is just as secure, tell us why Microsoft uses Linux to run Azure?
Now tell us why the fallback mantra is that Linux is more secure because no one is using it - HowBow those Linux servers? Are there so few of them? Microsoft has shown time and again that it is vulnerable to malware, and has shown since XP days that their updates are worse than malware - at least as far as machines working after their "security updates" which are rammed down our throats.
Re: Free pen testing! (Score:2)
Re: (Score:3)
All the OSes have issues. Hating on Windows vice Linux tends to get modded up. I personally don't care what OS I use.
That is very true. They all do have issues. But those of us who use all three of the big OSes quickly find out which ones are most troublesome. Almost all my computer issues are with my Windows machines. And it is ongoing. No MacOS user would ever put up with the ongoing update BS Windows has. And Linux went from a real nuisance many years ago, where the goal seemed to be to just get functions to work, to a sound operating system that works out of the gate.
So when we complain about Windows, we might have
Re: (Score:3)
Y'all folks keep saying that Windows is just as secure as Linux - Prove it.
Anyone who says that is wrong, as studies have shown there is a large, statistically significant difference in bug occurrence. That said, while Linux isn't perfect, the real bugscape is the userlands. Red Hat has a bit of a Not Invented Here/code churn issue and their influence on other distributions cannot be understated, especially with systemd. Anyway it goes, switching to Mandatory Access Control would greatly improve security and, while this may be a surprise, third-party permission systems do exist f
Re: (Score:3)
If Ukraine is wise about this, they will use this as an opportunity to plug many different vulnerabilities, thereby leaving their systems more secure than before.
Or plug a few thousand [yahoo.com] Russian soldiers [independent.co.uk] like they have been doing for years [glasnostgone.org].
Re: (Score:3, Interesting)
Russian forces are outclassed in several areas. If a serious push comes the Russian body count will be high.
Ukraine is operating the absolute latest in Turkish UAV technology whereas Russia has Orlan-10, a toy by comparison. Ukraine has been supplied with Javelin missiles by the US. You don't want to be operating a tank anywhere near Javelins.
Level of damage (Score:5, Insightful)
"The new attack would wipe hard drives clean and destroy files."
Many years ago (probably pre-2000) a book that attempted to catalogue the different types of malware then known had outline descriptions of the damage caused.
Surprisingly, "wiping the hard drive" was classed as "minor" damage. The book explained this as it was a reasonable assumption that regular backups were made. Hence, the impact was simply the time taken to restore from the backup.
(From memory, "major" damage was where data files were subtly corrupted (for example, random changing of digits, or changing an occurrence of "=" into ">"). This would mean that everything would carry on without being detected, including backups. Hence backups themselves would be perfectly usable, but the contents would have unknown changes going back an unspecified time. As a result, the backups could no longer be relied upon at all.)
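The distinction the comment above draws, wiping as "minor" because a restore fixes it and subtle corruption as "major" because backups faithfully preserve it, is easy to demonstrate. The following is an added example, not code from the story or from any commenter; the record store, the corruption routine and the hash manifest are constructed for the demonstration. It shows that a backup being consistent with the live data proves nothing about integrity; detecting silent corruption needs an out-of-band baseline (here, a manifest of per-record hashes recorded while the data was known good) to compare against.

```python
import hashlib

# Constructed sample records standing in for a small data store (not from the page).
GOOD_RECORDS = {
    "inv-1001": "qty=120;price=19.95;status=paid",
    "inv-1002": "qty=8;price=1499.00;status=open",
    "inv-1003": "qty=42;price=3.10;status=paid",
    "inv-1004": "qty=7;price=250.00;status=open",
}


def manifest(records):
    """Return {record_id: sha256 hex digest} for a set of records.

    Recorded out of band while the data is known good, this is the
    integrity baseline that a backup alone cannot provide.
    """
    return {k: hashlib.sha256(v.encode()).hexdigest() for k, v in records.items()}


def subtly_corrupt(records, record_id):
    """Hypothetical stand-in for the comment's 'major damage' class.

    Changes the first '=' to '>' and bumps the first digit of one record, so
    the store stays well-formed and nothing crashes or alerts.
    """
    out = dict(records)
    value = out[record_id].replace("=", ">", 1)
    for i, ch in enumerate(value):
        if ch.isdigit():
            value = value[:i] + str((int(ch) + 1) % 10) + value[i + 1:]
            break
    out[record_id] = value
    return out


def take_backup(records):
    """A backup is a faithful copy of whatever the live data is right now."""
    return dict(records)


def restore(backup):
    """Restoring after a wipe simply brings the copied records back."""
    return dict(backup)


def diff_manifests(expected, actual):
    """Record ids whose hash in `actual` differs from (or is missing in) `expected`."""
    return sorted(k for k in expected if expected[k] != actual.get(k))


def demo():
    baseline = manifest(GOOD_RECORDS)  # taken while the data was known good

    # Case 1 ("minor"): drives wiped, then restored from a clean backup.
    clean_backup = take_backup(GOOD_RECORDS)
    restored = restore(clean_backup)
    wipe_result = diff_manifests(baseline, manifest(restored))  # nothing lost

    # Case 2 ("major"): one record silently corrupted, then backed up.
    live = subtly_corrupt(GOOD_RECORDS, "inv-1002")
    backup = take_backup(live)
    # Backup vs live: identical, so a consistency check reports all clear.
    consistency = diff_manifests(manifest(backup), manifest(live))
    # Backup vs known-good baseline: the corrupted record shows up.
    integrity = diff_manifests(baseline, manifest(backup))
    return wipe_result, consistency, integrity


if __name__ == "__main__":
    wipe_result, consistency, integrity = demo()
    print("after wipe and restore, records differing from baseline:", wipe_result)
    print("backup vs live (consistency):", consistency)
    print("backup vs baseline (integrity):", integrity)
```

The point to take from the two cases is that backup rotation alone cannot bound how far back the corruption goes; only a baseline captured independently of the backup pipeline (signed manifests, application-level validation, or reconciliation against a second source) tells you which generation of backups is still trustworthy.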
Come on they are using Microsoft products! (Score:1)
What else did they detect? (Score:2)
It's nice to know Microsoft knows everything about your computer.
Re: (Score:2)
Probably the malware was detected and reported by Windows Defender.
Victims notified? (Score:2)
It sounds like Microsoft did a thorough analysis of the malware and knows of some infected computers. In principle they will have been able to pass that info along to the victims? And provided some kind of mitigation?
Ah... it all becomes clear now (Score:5, Insightful)
So now we know exactly why Russia arrested the REvil ransomware hackers recently. I wonder what kind of deals are being done to recruit their skills against foreign nations in return for a more lenient (if any) prison term? :->
Re:Ah... it all becomes clear now (Score:4, Interesting)