10/26/17 UPDATE: For more details on the Bad Rabbit attacks, including our Labs analysis and discoveries, you can read the blog post here.
Cyber attacks using malware called “Bad Rabbit” were reported in Ukraine and Russia beginning Tuesday, October 24th, causing disruptions to Ukraine’s transportation infrastructure, Russian media outlets, and several other organizations. Our Security Labs team is investigating the attacks and will provide updates as they become available. In light of this attack, Security Labs has added the following protection updates:
- Real Time updates detect injections on websites compromised to serve the attack
- URL categorization for domains and strings that are hosting malicious components
- Malicious files are detected as W32/DiskCoder.A.gen!Eldorado and W32/DiskCoder.B.gen!Eldorado
This appears to be one of the biggest attacks since the Petya/NotPetya cyber attack in June 2017 that first hit Ukraine and spread around the world. In October of 2016 Forcepoint Security Labs warned of the perils of rogue software updates being delivered by automated software update mechanisms in our Freeman Report.
We will continue to see massive attacks with economic, employee and public safety ramifications. The methods will continue to evolve, including the evasive techniques attackers use to hide their activity and their true intent. The trick will be to better understand the human points in these attacks. The attackers’ motivations can range broadly, including financial gain, revenge, politics or hacktivism. Understanding these intentions can help shape our security strategies. But it is even more important to understand the human point we call the ‘user.’ How do they interact with the Internet, and with various applications? What privileges do they need, and how do they use the privileges they have? This is a key part of how researchers predict future shifts in the threat landscape. Understanding your organization’s ‘human point’ can produce more effective security strategies.