As tanks hit Ukraine, so did malware. Microsoft disclosed that it detected a round of offensive and destructive cyberattacks targeting Ukraine’s digital infrastructure. The malware package, which the company named FoxBlade, was launched only hours before Russia launched its first missile attacks last week. The malware could also affect computers outside of Ukraine.
The malware package had never been seen before, Microsoft’s Threat Intelligence Center (MSTIC) said, noting that it added new signatures to its anti-malware service to detect FoxBlade in just three hours of the discovery. Specifics of the malware aren’t known, but Microsoft said it can use your PC for distributed denial-of-service attacks.
Microsoft President and Vice-Chair Brad Smith said in a blog post that the company’s “principal and global responsibility” is to help governments and countries to defend themselves from cyberattacks. This role was highlighted last week in Ukraine, he added, as the government, as well as organizations and individuals, were under attack.
“In recent days, we have provided threat intelligence and defensive suggestions to Ukrainian officials regarding attacks on a range of targets, including Ukrainian military institutions and manufacturers and several other Ukrainian government agencies.,” Smith said. “These recent and ongoing cyberattacks have been precisely targeted.”
Smith said Microsoft is “especially concerned” about cyberattacks on Ukrainian civilian digital targets, such as emergency response services, enterprises, the agriculture sector, and the financial sector. The tech giant also detected cyber efforts to steal a wide range of sensitive data sets, including insurance, health, and transportation-related information.
The company is also sharing information with US officials in Washington and NATO officials in Europe, building on their work to address cyber activity against Ukrainian targets. Smith said they will continue to “constantly update” all of Microsoft’s services, including their Defender service, to protect against any potential spread of malware.
Beyond malware, Microsoft is also working to tackle “state-sponsored disinformation” by removing content from Russian state media such as Russia Today (RT) and Sputnik from MSN.com and other Microsoft services like the Widgets menu. The company has removed RT’s apps from the Windows Store, and RT content is being deprioritized in Bing searches.
“The past few days have seen kinetic warfare accompanied with a well-orchestrated battle ongoing in the information ecosystem where the ammunition is disinformation, undermining truth and sowing seeds of discord and distrust. This requires decisive efforts across the tech sector as well as with governments, academia, and civil society,” Smith wrote.
Building on previous work
The malware attack didn’t catch Microsoft off guard, as the tech giant has been working hard over the past few years on increasing the security features of Windows PCs. In 2019, for example, it launched the “secured-core PC” initiative, focused on guarding against firmware-level attacks – relatively uncommon but very nasty when they happen.
But the list goes on. The system requirements of Window’s 11 mandate support for several supported-but-optional security features from Windows 10. Microsoft said it implemented these requirements because of the NotPetya data-wiping malware, which targeted hundreds of companies and hospitals worldwide in 2017 – including Ukraine’s power grid.
“As we look to the future, it’s apparent that digital technology will play a vital role in war and peace alike. Like so many others, we call for the restoration of peace, respect for Ukraine’s sovereignty, and the protection of its people. We not only look toward but will work for a future where digital technology is used to protect countries and peoples,” Smith wrote.
For people around the world, the best thing to do is update your Windows (if you use it) to make sure you benefit from the added protection. With cyber warfare being more common than ever, your devices have never been as vulnerable. Stay safe.
