In light of Sandworm’s attempted attack on Ukraine’s power grid using a new version of the Industroyer malware, “Industroyer2”, the Nozomi Networks Threat Intelligence team created the following rapid update to help protect the safety and security of our customers.

The latest Nozomi Networks Threat Intelligence package provides Industroyer2 Indicators of Compromise (IoC) rules that detect and alert customers to any known activity linked to the malware. There have been reports of hardcoded IP addresses in the malware sample, which indicates that the threat actors had intimate knowledge of the environment in which they were deploying it. Nozomi Networks will provide additional information and coverage once the relevant samples have been analyzed in depth.


Sandworm’s attack on Ukraine’s power grid using Industroyer2 is a reminder for ICS owners and operators to stay vigilant.

Stay Protected and Resilient

Here are some ways companies can increase their protection right now:

  • Basic cyber hygiene: reset passwords, review employee and vendor account/network access and permissions, scan the network for open ports and close or secure them, etc.
  • Utilize YARA rules to search for and generate alerts on associated malware activity
  • Use anomaly detection tools to detect any changes or variations to the malware, as well as any irregular activity occurring in OT environments
  • Use an automated firewall in conjunction with an anomaly detection tool to block further attack commands
  • Threat hunt for suspicious activity in your network; this can help discover attackers early

We also recommend adhering to CISA’s 2017 advisory if those security measures have not been implemented already.

Nozomi Networks will continue to monitor the situation and provide updates on what we are seeing, as well as recommendations the OT industry can use to protect its networks.
