CISA: Organizations should review Microsoft malware warning

The Cybersecurity & Infrastructure Security Agency Sunday advised U.S. critical infrastructure organizations to review a Microsoft blog on malware identified in Ukraine and take action to strengthen their networks against potential cyber threats. The Microsoft Threat Intelligence Center Saturday reported evidence of destructive malware in systems belonging to several Ukrainian government agencies and organizations that work closely with the Ukrainian government. The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable.

John Riggi, AHA's national advisor for cybersecurity and risk, said, "As we have seen in the past, destructive malware targeting the Ukraine can spread rapidly across the globe. It is again strongly recommended to assess any direct, 3rd party business associate connections and email contacts in the Ukraine and that region of the world. Consider blocking such connections. Although, geo-fencing for all inbound and outbound traffic related to Ukraine and that region may help mitigate direct cyber risk presented by this threat, it will have limited impact in reducing indirect risk, in which the malware transits through other nations, proxies and third parties. Thus, increased monitoring of networks and incident-response preparedness is also strongly recommended."

For more information on this or other cyber and risk issues, contact Riggi at [email protected].