Proactive Preparation and Hardening to Protect Against Destructive Attacks

Matthew McWhirt, Daniel Smith, Omar Toor, Bryan Turner
Jan 14, 2022

In light of the crisis in Ukraine, Mandiant is preparing for Russian actors to carry out aggressive cyber activity against our customers and community. Russia regularly uses its cyber capability to carry out intelligence collection and information operations, but we are particularly concerned that as tensions escalate, they may target organizations within and outside of Ukraine with disruptive and destructive cyber attacks.

Threat actors leverage destructive malware to destroy data, eliminate evidence of malicious activity, or manipulate systems in a way that renders them inoperable. Destructive cyber attacks can be a powerful means to achieve strategic or tactical objectives; however, the risk of reprisal is likely to limit the frequency of use to very select incidents. Destructive cyber attacks can include destructive malware, wipers, or modified ransomware.

Our latest white paper, Proactive Preparation and Hardening to Protect Against Destructive Attacks, provides hardening and detection guidance to protect against a destructive attack within an environment. The focus areas outlined within this white paper include:

  • Identification, authentication best practices, and detection opportunities for external-facing applications and services
  • Critical asset protections and detection opportunities – including:
    • Recovery and reconstitution planning
    • Segmentation between IT and OT environments
    • Egress restrictions
    • Protections for virtualization infrastructure
  • On-premises lateral movement techniques, protections, and detection opportunities
  • Credential protections and detection opportunities

The recommendations and guidance include practical and scalable methods that can help protect organizations not only from destructive attacks, but also from potential incidents where a threat actor is attempting to perform reconnaissance, escalate privileges, move laterally, maintain access, and achieve their mission.

Download the white paper today! 

We’ll also be discussing this topic in greater depth in a special webinar on Thursday, January 20 at 2pm ET. Please register to attend. For all registrants, the webinar will be available afterwards on-demand, should you be unable to attend.

Acknowledgments

The authors would like to thank Nick Bennett, Chris Linklater, and Juraj Sucik for their valuable feedback and technical review.