Maintaining heightened cyber safety during uncertain times


OpenText Security Cloud Team

March 9, 2022 (4 minutes read)

Situation overview

Russia’s invasion of Ukraine is a prime example of one nation employing a combination of traditional weaponry and cyberattacks against another to disrupt business and government. As outlined by the US Cybersecurity & Infrastructure Security Agency (CISA) in its alert:

“Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries. Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.”

As foundational precautions, OpenText™ recommends several industry best practices, including:

  • Set antivirus and antimalware programs to conduct regular scans.
  • Conduct threat hunting.
  • Enable strong spam filters to prevent phishing emails from reaching end users.
  • Filter network traffic.
  • Update software.
  • Require multifactor authentication.

Combatting known threats

On January 15, 2022, it was disclosed that malware known as WhisperGate was being used to strategically target organizations in Ukraine, rendering targeted devices inoperable. These threat actors also targeted the domain controllers of those businesses to disrupt their ability to operate, looking to cause as much damage as possible as quickly as possible.

Then, on February 23, 2022, it was discovered that malware known as HermeticWiper was being used against organizations in Ukraine. This malware targets Windows devices, manipulating the master boot record, which results in subsequent boot failure. HermeticWiper appears to be a custom-written application with very few standard functions. The adversaries are using a tried and tested technique of wiper malware, abusing a benign partition management driver, to carry out the more damaging components of their attacks.

In addition, CISA has identified an increased number of Conti ransomware attacks on US companies and other entities. Conti actors frequently employ spearphishing techniques to gain access to digital infrastructure and then abuse legitimate remote monitoring and management software and remote desktop software as backdoors to maintain persistence. The actors use tools already available on the victim network—and, as needed, add further tools, such as Windows Sysinternals and Mimikatz—to obtain users’ password hashes and clear-text credentials, which enable them to escalate privileges within a domain and perform other post-exploitation and lateral movement tasks. In some cases, the actors also use TrickBot malware to carry out post-exploitation tasks.

How OpenText protects you

As always, OpenText’s security solutions are designed to help find information no matter where it is buried to effectively conduct investigations, manage risk, and respond to incidents. By understanding the mindset of threat actors and the tactics, techniques, and procedures (TTPs) they employ, we can provide unparalleled identification and remediation of risks.

OpenText uses behavior-based detections in our managed extended detection and response (MxDR) platform, which allows us to detect threat actors earlier in the cyber kill chain and prevent attackers from infecting business operations. OpenText MxDR continuously runs threat simulations against our detection platform to ensure our visibility and detections are the best possible.

OpenText Network Detection and Response gives customers the network visibility, network telemetry, and metadata needed to detect threats.

In every case, we give our customers the ability to protect against, detect, and respond to any threat.

OpenText’s commitment

OpenText remains committed to helping businesses and organizations operate safely, wherever their data travels.

With data as the currency of information in the modern world, we embrace the idea that we are all connected, and must collectively take responsibility for maintaining a trusted state for commerce, government, and other communications within civil society.

For more information

OpenText can help your business stay prepared and in a trusted state by initiating threat hunting and Managed XDR services for real-time detection and rapid response.

Contact us at any time to speak with one of our skilled security experts.
