Life in wartime: update your antivirus
I have said it again and again: the reason people write and distribute malware is to make money. Banking Trojans interfere with your online transactions and siphon off your money. Spyware steals and sells your personal information. A ransomware attack turns your important documents into gibberish and demands cash to return them. This holds when the aggressor is an individual or a criminal group.
There is, however, an exception when the attacker is a nation-state. Malware can be used for international espionage, it’s true, but it can also function as the cyber warfare equivalent of a bombardment, destroying data and even hardware infrastructure. A data-wiping attack is happening right now in Ukraine. With this dangerous software spreading widely, individual thugs will have no trouble procuring a copy for more personal uses completely disconnected from warfare. Viewers who don’t like something you’ve said in a podcast can skip the hateful comments and go straight to wiping your production computer, unless you’ve installed an up-to-date antivirus solution.
Bombs in the cybersphere
What is this malware that is wreaking havoc in Ukraine? Experts have determined that it works by damaging the part of a hard drive that makes the rest of the drive readable, an area called the Master Boot Record, or MBR. According to SentinelOne researchers, it can also actively damage files in common folders such as My Documents, but even without further damage, “the victimized system should be unusable at this point of execution.”
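To make the MBR concrete, here is a small added example (not code from the original article, SentinelOne or AV-Comparatives) that parses the first 512-byte sector of a disk, checks the 0x55AA boot signature and partition table, and compares a SHA-256 hash of the sector against a saved baseline, the kind of integrity check a defender can run from a recovery environment or an offline backup. The sample sector and the zero-filled "corrupted" sector are constructed inline so the script runs without touching a real disk; reading `\\.\PhysicalDrive0` or `/dev/sda` with the same function is an assumption left to the reader.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries follow the boot code


def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte sector as an MBR and return its key fields."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        entry = sector[off:off + 16]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0x00 means the slot is unused
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sector_count,
            })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
        "sha256": hashlib.sha256(sector).hexdigest(),
    }


def check_against_baseline(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR looks intact."""
    info = parse_mbr(sector)
    findings = []
    if info["sha256"] != baseline_sha256:
        findings.append("MBR hash differs from saved baseline")
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if not info["partitions"]:
        findings.append("partition table contains no entries")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable NTFS (0x07) partition at LBA 2048."""
    sector = bytearray(MBR_SIZE)
    sector[0:3] = b"\xeb\x63\x90"  # a jump instruction, as real boot code starts
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def corrupted_sample() -> bytes:
    """Constructed sample of a sector whose contents have been overwritten."""
    return b"\x00" * MBR_SIZE


if __name__ == "__main__":
    healthy = build_sample_mbr()
    baseline = parse_mbr(healthy)["sha256"]  # save this hash while the disk is known-good
    print("healthy:", check_against_baseline(healthy, baseline))
    print("damaged:", check_against_baseline(corrupted_sample(), baseline))
```

Record the baseline hash while the machine is known to be clean; a later mismatch together with a missing boot signature is exactly the state the quoted researchers describe as "unusable", and it is far easier to recover from a backup of those 512 bytes than to rebuild the partition table by hand.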
Simple defenses like disallowing apps that aren’t digitally signed won’t work, because this app has a digital signature. The certificate is legitimately issued, with the company name “Hermetica Digital Ltd.”; hence the name Hermetic Wiper. Little or nothing is known about the company, and the certificate may have been stolen.
Where many types of malware include features to help them spread on a large scale, Hermetic Wiper stays where it’s placed. Attackers actively break into systems and install Hermetic Wiper, much as sappers plant explosives by hand.
Any decent antivirus should fend off attacks from all kinds of malware. But just as with ransomware, there is no room for error when a data wiper is involved. It’s not great when your antivirus misses a brand-new Trojan or virus, but an update usually fixes the problem within hours or days. Once a data wiper has rendered your computer unusable, that update comes too late to help you.
Fortunately, a study by the AV-Comparatives test lab indicates that popular antivirus tools are up to the challenge. The researchers tested 17 popular consumer antivirus products (Avast, AVG, Avira, Bitdefender, ESET, G Data, K7, Kaspersky, Malwarebytes, McAfee, Microsoft, Norton, Panda, Total Defense, TotalAV, Trend Micro, and VIPRE). In a blog post, AV-Comparatives reported that all of these products effectively protected against several Hermetic Wiper variants. The same goes for 19 popular enterprise endpoint security products (Acronis, Avast, Bitdefender, Cisco, CrowdStrike, Cybereason, Elastic, ESET, Fortinet, G Data, K7, Kaspersky, Malwarebytes, Microsoft, Sophos, Trellix, VIPRE, VMware and WatchGuard).
Army Surplus Cyber Weapons
Just as militias and the like can get their hands on military-grade weapons, legally or illegally, malware factories will have no problem acquiring Hermetic Wiper. I don’t see cyber protection rackets as likely (“Nice website you have here. It would be a shame if something happened to it.”) But I can absolutely see individuals or groups bombarding sites they don’t approve of. Even if you don’t express yourself in, say, a podcast or TikTok stream that leads malcontents to target you specifically, you can still become collateral damage unless you keep your antivirus active and up to date.