March’s cybersecurity roundup includes discussions of cyber warfare in the Russia-Ukraine conflict, which the US government warns as possibly extending to affect the internet assets of companies and institutions in other countries, including American ones. We also discuss how organizations can protect themselves from these emerging cyber threats.
Ukrainian government websites receive DDoS attacks
In the first week of March, Ukrainian government websites were subject to continued distributed denials of service (DDoS) attacks from suspected Russian hackers. Massive DDos attacks to the websites of Ukrainian government websites and banks were initially reported last February 24. A DDos attack occurs when multiple machines disrupt the services of a host connected to a network resource by overwhelming the target computer with traffic until it ends up crashing. Common targets are major web servers such as banks and government sites; services affected include online banking, email, and website access. Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) revealed that the March DDoS attacks targeted websites of government institutions including the parliament, the presidency, and the cabinet. SSL.com’s Takeaway: The best method for governments to protect their websites, data, and transactions is by acquiring tried and tested Public Key Infrastructure (PKI) services from cybersecurity professionals. Head over to our PKI and Digital Certificates for Government article to learn how we help government institutions strengthen their cybersecurity through PKI.Wiper malware attacks Ukrainian companies
Last March 22, the Computer Emergency Response Team of Ukraine (CERT-UA) warned of a new type of wiper malware which was being used to attack Ukrainian organizations. Named DoubleZero, this malware invades computers through phishing tactics and proceeds to erase Windows registries and shut down the infected system. In their March 22 warning, CERT-UA explains how DoubleZero operates: “It uses two methods to destroy files: overwriting files with zero blocks of 4096 bytes (FileStream.Write method) or using API-calls NtFileOpen, NtFsControlFile (code: FSCTL_SET_ZERO_DATA). First, all non-system files on all disks are overwritten. After that the list of system files on a mask is made, their sorting and the subsequent rewriting in the corresponding sequence is carried out. The following branches of the Windows registry are destroyed: HKCU, HKU, HKLM, HKLM \ BCD. Finally, the computer shuts down.” SSL.com’s Takeaway: We advise all organizations to be vigilant of potential phishing campaigns which are often used to deliver crippling malware such as wipers. You can read our article Protect Yourself From Phishing to learn how you can detect and counter phishing attacks.Stolen NVIDIA code signing certificates being used to sign malware
Two code signing certificates from NVIDIA are being used to sign various types of malware after they have been released online. The online leak was committed by cybercrime gang Lapsus$ which was able to get hold of the certificates through its February 23 ransomware attack on NVIDIA. The two code signing certificates were used by NVIDIA to sign their drivers and executables and were part of 1TB of the company’s private data that Lapsus$ was able to steal. They leaked the certificates after NVIDIA refused to enter into negotiations with them. Upon Lapsus$’ leak of the code signing certificates, other hackers began using these to sign multiple types of malware including Mimikatz, remote access trojans, and Cobalt Strike beacons. One hacker was found to have used the certificate to sign a Quasar remote access trojan. Lapsus$ is also known for attacking the websites of Brazil’s Ministry of Health and Impresa (Portugal’s largest media conglomerate), as well as stealing 190 GB of data from Samsung. SSL.com’s Takeaway: As explained by BleepingComputer, Microsoft requires kernel-mode drivers to be code signed before these can be loaded by the operating system. This is where SSL.com’s Extended Validation Code Signing certificates can offer added protection. Our EV code signing certificates offer the highest level of authentication and security available in signing code. Check out the full features of our EV Code Signing Certificates.SSL Manager Gets Upgraded to Version 3.2
SSL Manager is SSL.com’s multi-purpose Windows application designed to make managing, installing and deploying digital certificates intuitive. With SSL Manager being upgraded to version 3.2, it can now work together with Yubikey to get clients their certificates faster to a token. Before, clients used to have to do the attestation on a Yubikey directly on Yubikey Manager, submit it to SSL.com website manually, inform the support team, and wait for the new issuance. Now, SSL Manager 3.2 can do all the mentioned processes directly for Yubikey. SSL Manager 3.2 now fully allows you to generate key pairs and order and install EV code signing and Adobe-trusted document signing certificates on YubiKey FIPS USB tokens. Specifically, SSL Manager 3.2 can:- Generate key pair in Yubikey device (RSA2048, ECCP256, ECCP384)
- Generate key attestation using Yubikey device
- Create an order for a certificate with key attestation
- Import certificate to Yubikey device
