Are you ready for state-sponsored zombie malware attacks?

Junaid Islam August 21, 2017

On January 4, 2017 CTO Vision published a blog post titled “Are you ready for a state-sponsored cyber attack?” In hindsight, the blog post should have been titled “Are you ready for state-sponsored zombie malware attacks?”

Zombie malware combines the most deadly aspects of malware and zombie computers into one horrible mess. Typically malware gets into a compute device via phishing or email attachment which limits the scale of the attack. In contrast, zombie malware autonomously hunts for vulnerable systems across LAN, WiFi and VPN connections. Once zombie malware finds a system to infect, it utilizes the new host to scan for other systems which can be anywhere on the globe.

Another key aspect of zombie malware is the lack of a control channel to manage its destructive path (unlike zombie computers used in DDoS attack). Subsequently zombie malware just destroys anything it can connect to. For example, the NotPetya started on Ukraine government systems but then quickly spread around the globe.

Given the last three zombie malware attacks were outside the USA on older Windows XP systems one might be led to believe the American companies are safe. Unfortunately the combination of global supply chains and BYOD make American companies highly vulnerable to zombie malware. More important, the posting of CIA’s Vault 7 files on Wikileaks was designed to escalate the number of zombie malware attacks by broadcasting vulnerability information to cyber combatants. In short, America’s enemies are attempting to launch a zombie apocalypse by increasing number and lethality of malware attacks.

Countermeasure against autonomously hunting malware (or how to stop zombie apocalypse)

Building on the five countermeasures from the original January 2017 blog post, here some additional items you should be implementing to avoid the zombie apocalypse.

Deploy endpoint protection. There is a new generation of endpoint protection systems that is not reliant on signatures (and thanks to the Wikileaks the new attacks won’t have any). While you can’t do anything about BYOD or supply chain partners devices, at least the devices that manage your critical assets will be safe.

Lock down LAN, WiFi and VPN networks. A key feature of zombie malware is its lateral movement capability that allows it to autonomously traverse LAN, WiFi and VPN networks. Enabling “port isolation” which is a standard features on enterprise switches is recommended. Additionally VPN connections should be filtered so that only authorized applications can utilize them.

Limit access privileges. If you allow a user access to everything, any zombie malware on their device will also get to everything. Implement role-based access control on your data center and cloud systems. Ensure you have solid east-west partitioning in place.

Allow only application layer access. Only authorized applications from a user’s device should have access to network and application resources. Consider moving away from the older network access VPN model to newer application layer access solutions like software defined perimeter.

Backup data to offline stores. Backing up to the cloud is easy and inexpensive. But as more American assets migrate to the cloud, the bigger the target it becomes for a malware attack. You must have an offline data backup so that you can re-start your organization if there’s a catastrophic failure. And hopefully you’ve remembered to store away a few servers and laptops to do this.

Winter is here.

About Junaid Islam

Junaid Islam, veteran Counter Terror Operations, Secure Communications Expert

Gain Powerful Insights Into The Future With OODA Loop’s Technology Tracking

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we have merged our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). CTOvision will focus only on one small niche, a vision for a technology enabled future. […]

CTOvision and OODA: Big Changes Coming Soon

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we are merging our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). This will give our community access to the same technology summaries we currently produce as […]

Give Your Career A Boost By Learning From Experienced Decision Makers

Our video and audio podcast, the OODAcast, provides content that can help accelerate your career and improve your decision making. The series is based on interviews of some of the greatest most accomplished enterprise technologists we can find. We ask questions designed to pull out lessons applicable to accelerating the career of any professional. We […]

Think Twice Before Deciding To Use A Personal VPN: You could be getting some really bad advice

From the 1930s to 1950s (far too long) the medical community just would not wake up to the fact that cigarettes could cause harm (see More Doctors Smoke Camels). Why did they stick with this misperception for so long? When so many good people come to the wrong conclusion it probably means some deeply human […]

Please help spread the word: USNI and NIP Essay Contest: This year’s challenge area a key one for the nation

Please help share the content at this link to any thinker/writer you know: 2020 Information Warfare Essay Contest This contest is open to all contributors, active-duty, military, reservists, veterans, and civilians. Generally the winners have had a solid understanding of the nature of modern conflict, but really any thinkers/writers should look over the contest and […]

Centripetal wins historic $2.6-$3.2 Bil vs. Cisco Systems; largest US patent infringement award to date

Editor’s note: I am proud to say I have a history with Centripetal Networks serving on their board and then later as an advisor. It was horrible to learn that a Tech Titan like Cisco was infringing on their patents. It is good now to see when the facts were reviewed justice was done. -bg […]

Super Bowl Ads Indicate Big Businesses Think You Are Afraid of AI

Tom Loftus provided an insightful review of some of Super Bowl ads in the 4 Feb 2019 Wall Street Journal. Like AI parody in SNL, these ads really poked fun at computers: Seriously, did anyone catch the commercials? If the Super Bowl is the zeitgeist, then it is safe to say that America is not […]

HBO’s Westworld: The Man In Black is a special kind of Twitter user

HBO’s Westworld is a modern take on the Michael Crichton SciFi tale of a robotic amusement park. The HBO version has a new twist. The creators/writers were all exposed to years of Twitter, which has influenced every episode and the entire arch of two seasons of the show. Now that season two is wrapping up, […]

All Enterprise Techies Should Watch HBO’s SciFi Epic Westworld: It will help us dialog over shared experiences on what we will not be creating

Westworld season one was a great mix of science fiction and drama and action and it was done in a way that should help people think through many tech ethics questions, like how do we want to treat our robots? Does treating robots with violence change our nature? Can robots become sentient? HBO has a […]

Related