Jump to Content
Threat Intelligence

Proactive Preparation and Hardening to Protect Against Destructive Attacks

January 14, 2022
Mandiant

Written by: Matthew McWhirt, Daniel Smith, Omar Toor, Bryan Turner


In light of the crisis in Ukraine, Mandiant is preparing for Russian actors to carry out aggressive cyber activity against our customers and community. Russia regularly uses its cyber capability to carry out intelligence collection and information operations, but we are particularly concerned that as tensions escalate, they may target organizations within and outside of Ukraine with disruptive and destructive cyber attacks.

Threat actors leverage destructive malware to destroy data, eliminate evidence of malicious activity, or manipulate systems in a way that renders them inoperable. Destructive cyber attacks can be a powerful means to achieve strategic or tactical objectives; however, the risk of reprisal is likely to limit the frequency of use to very select incidents. Destructive cyber attacks can include destructive malware, wipers, or modified ransomware.

Our latest white paper, Proactive Preparation and Hardening to Protect Against Destructive Attacks, provides hardening and detection guidance to protect against a destructive attack within an environment. The focus areas outlined within this white paper include:

  • Identification, authentication best-practices, and detection opportunities for external-facing applications and services
  • Critical asset protections and detection opportunities – including:
    • Recovery and reconstitution planning
    • Segmentation between IT and OT environments
    • Egress restrictions
    • Protections for virtualization infrastructure
  • On-premises lateral movement techniques, protections, and detection opportunities
  • Credential protections and detection opportunities

The recommendations and guidance include practical and scalable methods that can help protect organizations from not only destructive attacks, but potential incidents where a threat actor is attempting to perform reconnaissance, escalate privileges, laterally move, maintain access, and achieve their mission.

We also discussed this topic in greater depth in a special webinar you can watch on demand.

Acknowledgments

The authors would like to thank Nick Bennett, Chris Linklater, and Juraj Sucik for their valuable feedback and technical review.

Posted in