The FBI and the Cybersecurity and Infrastructure Security Agency have released a joint advisory offering guidance on how U.S. organizations can detect and safeguard networks against WhisperGate and HermeticWiper malware used to launch attacks on organizations in Ukraine.
Organizations should assess and strengthen their cybersecurity posture against these destructive malware that could impact the availability of critical data and assets, CISA said Saturday.
The FBI and CISA have called on organizations to implement multifactor authentication; establish antivirus and antimalware programs to carry out regular scans; update software; filter network traffic; and enable strong spam filters to stop phishing emails from reaching end users, among other measures.
“In the wake of continued denial of service and destructive malware attacks affecting Ukraine and other countries in the region, CISA has been working hand-in-hand with our partners to identify and rapidly share information about malware that could threaten the operations of critical infrastructure here in the U.S.,” said Jen Easterly, director of CISA and a 2022 Wash100 Award winner.
Easterly added that the FBI, international computer emergency readiness team partners and public and private sector partners at the Joint Cyber Defense Collaborative are working together to help organizations reduce their risks of cyberthreats.
CISA said it integrated into the updated Shields Up webpage new resources and additional recommendations for CEOs and corporate leaders to protect critical assets and set up a technical guidance webpage to provide information on cyberthreats facing Ukraine.