[APAC] A Look at Cyberwarfare Actions and Detection Using HermeticWiper Malware

Presented by

Peter McNaull & Nick Cavalancia

About this talk

Months before Russia’s invasion of Ukraine, security analysts spotted several variants of “wiper” malware/ransomware targeting Ukrainian government agencies and organizations, with HermeticWiper being one of the most prominent. Seen as an act of preemptive cyberwarfare to cripple the country’s ability to operate, these kinds of malware specifically target modifying the master boot record and deleting the file system – making affected endpoints and servers inoperable. While organizations outside of Ukraine are unaffected, we’ve already seen examples of double-extortion ransomware attacks threatening to use similar “wiping” tactics if a ransom is not paid. So, how can you detect wiper malware and, more broadly, related ransomware? In this real training for free webcast, Microsoft MVP, Nick Cavalancia takes my seat as he discusses: · A brief history of wiper malware · Recent wiper attacks and their impact · Where these attacks fit into the MITRE ATT&CK Framework Nick will be joined by Peter McNaull, Director of Sales Engineering at LogRhythm who will provide a deep-dive look at the actions HermeticWiper takes in these types of attacks. Peter will cover the key indicators and behavior patterns used to identify both HermeticWiper (and ransomware in general), including the following actions: · Gathering intel about the host system · Establishing persistence · Installation of drivers · Disabling of system features that enable recovery · Thrashing the target system
Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (257)
Subscribers (76941)
LogRhythm helps security teams stop breaches by turning disconnected data and signals into trustworthy insights. From connecting the dots across diverse log and threat intelligence sources to using sophisticated machine learning that spots suspicious anomalies in network traffic and user behavior, LogRhythm accurately pinpoints cyberthreats and empowers professionals to respond with speed and efficiency. With cloud-native and self-hosted deployment flexibility, out-of-the-box integrations, and advisory services, LogRhythm makes it easy to realize value quickly and adapt to an ever-evolving threat landscape. Together, LogRhythm and our customers confidently monitor, detect, investigate, and respond to cyberattacks. Learn more at logrhythm.com