New form of data wiper malware linked to attack on Viasat




A newly discovered form of data wiper malware has been linked to an attack that caused widespread outages on the Viasat satellite internet service last month.

The Viasat KA-SAT network was partially disrupted on Feb. 24, days after Russia invaded Ukraine. The attack impacted several thousand customers in Ukraine and tens of thousands of customers across Europe. The attack also caused an outage of 5,800 wind turbines in Germany due to their reliance on remote monitoring using Viasat.

Russian hackers were always suspected of being behind the attack, but more details have now come to light.

Security researchers at SentinelOne Inc. have detailed new malware, which they have dubbed “AcidRain,” describing it as a modem wiper that rained down on Europe. AcidRain is Executable and Linkable Format (ELF) malware compiled for the MIPS architecture and designed to wipe modems and routers.

AcidRain has developmental similarities to a VPNFilter stage 3 destructive plugin. VPNFilter was a form of malware used in attacks in 2018 and has been linked by the U.S. Federal Bureau of Investigation and the Department of Justice to the Russian government.

Officially, Viasat denies that malware is involved. In a blog post, the company said it had found “no evidence of any compromise or tampering with Viasat modem software or firmware images and no evidence of any supply-chain interference” in the attack. It further claimed that the disruption was caused by an attack using internal network access “to execute legitimate, targeted management commands on a large number of residential modems simultaneously.”

Viasat claims that the attacker’s destructive command overwrote data in flash memory in the modems, rendering the modems unable to access the network but not permanently unusable.

The SentinelOne researchers disagree and claim that the threat actor used the KA-SAT management mechanism in a supply-chain attack to push a wiper designed for modems and routers. The AcidRain wiper, in this case, overwrites key data in the modem’s flash memory, rendering it inoperable and in need of reflashing or replacing.

“Despite Viasat’s statement claiming that there was no supply-chain attack or use of malicious code on the affected routers, we posit the more plausible hypothesis that the attackers deployed AcidRain (and perhaps other binaries and scripts) to these devices in order to conduct their operation,” the researchers conclude.

Discussing the news, Chris Hallenbeck, chief information security officer for the Americas at cybersecurity and systems management company Tanium Inc., told SiliconANGLE that the risk is that an attack such as this can spread further than its original target.

“Avoiding the fallout of an errant cyberattack that adversely affects other nations is an important consideration for the Kremlin,” Hallenbeck said. “The Russian military regime is unlikely to risk an overt confrontation with NATO and an uncontained cyberattack that accidentally impacts a member has the potential to change the entire dynamic of the war in an instant.”

“The use of destructive malware can prove difficult to contain and go far beyond its intended purpose,” Hallenbeck explained. “The now infamous Stuxnet attack, for example, was discovered because the malware exceeded its intended targets, but it was designed well enough to prevent its disruptive capabilities from running rampant.”

“As the conflict with Ukraine evolves, the risk/reward calculation by Russia could shift towards less concern for potential consequences of their malicious cyber campaigns,” Hallenbeck added. “Fortunately, we don’t seem to be there yet, but there should be a keen sense of awareness that Russia has a mature and capable computer network operations program that makes this a credible threat.”
