New Threat Profile: Russian TTPs/Destructive Malware

by Holly Spiers

Geopolitical unrest often results in significant cyberattacks alongside more traditional warfare techniques. This is most recently evident in Russia’s invasion of Ukraine, which includes a widespread attack campaign leveraging destructive malware that began in mid-January and is aimed at disrupting Ukrainian infrastructure, financial institutions, and government organizations. In addition, Russia has threatened to retaliate with further cyberattacks against Western countries that try to interfere in its efforts.

As we’ve seen with previous Russian-sponsored cyberattacks such as NotPetya, these attacks rarely stay within their intended borders given the connected nature of the world’s digital ecosystem. And while businesses in other countries may not be the intended target, these attacks can affect third parties, creating collateral damage for the companies that rely on them. Maintaining proper cybersecurity hygiene and taking a proactive approach to threat detection and response is important, but being able to quickly identify which third parties are at risk of being compromised is equally critical. The best way to do this is not through an additional third-party assessment, but with a tool that focuses specifically on how your third parties are covered in relation to the controls being exploited in the specific attack.

Russian TTPs/Destructive Malware Threat Profile

To help companies react quickly and recognize these threats, CyberGRX has created a new threat profile, available in the Framework Mapper Library, where these different lenses can be applied to view vendor control data with new dimensionality. The Russian TTPs/Destructive Malware threat profile covers Russian APT TTPs and the MITRE techniques used by NotPetya and WhisperGate. This resource allows a company to pull a report for individual third parties and view their coverage of the controls and techniques that have specifically been identified as those exploited in historical and recent Russian cyberattacks.

In addition to the Russian TTPs/Destructive Malware Threat Profile, CyberGRX also offers threat profiles aligned with recent cyberattacks, including REvil Ransomware – Kaseya Supply Chain Attack, SolarGate, CodeCov, and Accellion, as well as general attack types such as DDoS and ransomware. These profiles show how a third party rates against each identified control known to be exploited in these attacks. Companies can filter for the controls that are missing or absent and follow up with the third party to request remediation.

If you’re a current member of the CyberGRX Exchange managing cyber risk across your third-party portfolio, you can evaluate your most critical and high-risk third parties using our Auto Inherent Risk (AIR) Insights feature. From there, you can apply the threat profile to those third parties to see the gaps, and then collaborate with them to ensure those risks are mitigated before they are exploited.

If you’re an Exchange member operating as a third party and managing your organization’s cyber reputation, you can apply the threat profile to your own profile on the Exchange and proactively share it upstream to communicate your coverage status to your customers.

Talk to a CyberGRX expert today about how threat profiles can help you to defend yourself differently.