The National Security Agency and the Department of Defense have issued a warning about Russian cyber espionage malware known as Drovorub. This malware provides file download and upload capabilities to external actors when deployed on a victim Linux system. It utilizes a number of means of concealing itself once implanted and is resilient to rebooting. Drovorub is proprietary malware developed for use by the Russian General Staff Main Intelligence Directorate (GRU).
Recommended Mitigations
To mitigate Russian cyber espionage malware The NSA has made the following recommendations:
- System administrators should continually check for and run the latest version of vendor-supplied software for their computer systems. This should include updating to Linux Kernel 3.7 or later in order to take full advantage of kernel signing enforcement.
- System owners are advised to configure systems to load only modules with a valid digital signature.
- UEFI Secure Boot should be activated to ensure that only signed kernel modules can be loaded.
Nation State Sponsored Cyber Espionage
China has been in the spotlight of late on the subject of state sponsored cyber attacks. This attention is well deserved. China has been responsible for more than 90 percent of cyber espionage in the United States. Furthermore this activity has increased since the beginning of 2020 as tensions in trade have ramped up between the two countries. China, however is not the only player in this game. Russia, North Korea, and Iran are major players as well.
Russia and China has both targeted organizations involved with corona virus vaccine development in the United, States, United Kingdom, and Canada. This activity is widely believed to be an effort to steal intellectual properties and disrupt organizations’ activities. Of course the medical community is not the only sector at threat. Commercial, governmental, and defense related cyber espionage is growing rapidly. This results in losses in the trillions of dollars annually.
CVG Strategy
CVG Strategy provides cybersecurity solutions for businesses. We can assist in establishing Information Security Management Systems (ISMS) that meet your organization’s requirements. Our experts in ISO 27001 and NIST 800-171 provide effective consultant services. We can also help your with CMMC Certification. Contact Us to see how we can help.