Submitted by admin on August 22, 2024

Overview

Destructive malware presents a direct threat to an organization's daily operations, directly impacting the availability of critical assets and data. Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event. This publication is focused on the threat of enterprise-scale distributed propagation methods for malware and provides recommended guidance and considerations for an organization to address as part of their network architecture, security baseline, continuous monitoring, and incident response practices.

While specific indicators and modules related to destructive malware may evolve over time, it is critical that an organization assess their capability to actively prepare for and respond to such an event.

Potential Distribution Vectors

Destructive malware has the capability to target a large scope of systems, and can potentially execute across multiple systems throughout a network. As a result, it is important for an organization to assess their environment for atypical channels for potential malware delivery and/or propagation throughout their systems. Systems to assess include:

  • Enterprise Applications – particularly those which have the capability to directly interface with and impact multiple hosts and endpoints. Common examples include:
    • Patch Management Systems,
    • Asset Management Systems,
    • Remote Assistance software (typically utilized by the corporate Help Desk),
    • Anti-Virus,
    • Systems assigned to system and network administrative personnel,
    • Centralized Backup Servers, and
    • Centralized File Shares.
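The systems listed above are legitimate channels that reach many hosts at once, which is exactly why their activity should be baselined and watched. The following is an added example, not part of the original advisory or of KENET-CERT's material: a small fan-out detector that reads constructed deployment and remote-execution events (the log format, action names and host names are all assumptions made for this illustration) and alerts when one source pushes to an unusual number of distinct targets inside a short sliding window. Sources that are expected to reach many hosts, such as a patch management server, can be given a higher per-source threshold so they remain monitored without constant noise.

```python
from collections import defaultdict, deque
from datetime import datetime

# Actions that push code or commands from one system to another. These names are
# constructed for this example and are not taken from any specific product's logs.
PUSH_ACTIONS = {"deploy", "remote_exec", "script_push"}

# Constructed sample events: "<ISO-8601 timestamp> <source_system> <action> <target_host>".
# patchmgr01 is a patch management server doing a slow, expected rollout;
# helpdesk-ws07 is a help-desk workstation suddenly reaching twelve hosts in 22 seconds.
SAMPLE_LOG = "\n".join(
    [
        "2024-08-22T09:00:00 patchmgr01 deploy ws-001",
        "2024-08-22T09:20:00 patchmgr01 deploy ws-002",
        "2024-08-22T09:40:00 patchmgr01 deploy ws-003",
        "2024-08-22T09:41:00 helpdesk-ws07 login ws-004",
    ]
    + [
        f"2024-08-22T10:00:{sec:02d} helpdesk-ws07 remote_exec ws-{host:03d}"
        for sec, host in zip(range(0, 24, 2), range(10, 22))
    ]
)


def parse_events(text):
    """Parse log lines into (timestamp, source, action, target) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, action, target = line.split()
        events.append((datetime.fromisoformat(ts), source, action, target))
    events.sort(key=lambda e: e[0])
    return events


def find_fanout_bursts(events, window_seconds=300, min_targets=10, expected_fanout=None):
    """Report each source that pushes to at least its threshold of distinct targets
    inside any sliding window of window_seconds.

    expected_fanout maps sources that legitimately reach many hosts (patch or asset
    management servers) to a higher threshold, so they are still watched but only
    alert on an unusually fast or wide push.
    """
    expected_fanout = expected_fanout or {}
    recent = defaultdict(deque)  # source -> (timestamp, target) pairs inside the window
    alerts = {}
    for ts, source, action, target in events:
        if action not in PUSH_ACTIONS:
            continue
        window = recent[source]
        window.append((ts, target))
        # Drop events that have aged out of the sliding window.
        while (ts - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        distinct = {t for _, t in window}
        threshold = expected_fanout.get(source, min_targets)
        if len(distinct) >= threshold:
            prior = alerts.get(source)
            # Keep the widest burst seen for this source.
            if prior is None or len(distinct) > prior["distinct_targets"]:
                alerts[source] = {
                    "source": source,
                    "distinct_targets": len(distinct),
                    "window_start": window[0][0].isoformat(),
                    "window_end": ts.isoformat(),
                }
    return sorted(alerts.values(), key=lambda a: a["source"])


if __name__ == "__main__":
    for alert in find_fanout_bursts(parse_events(SAMPLE_LOG)):
        print(alert)
```

In a real deployment the events would come from the management tool's own audit log or from endpoint telemetry on the receiving hosts; the value of the check is that a help-desk workstation or administrator system reaching dozens of hosts within seconds is atypical for that source even though the same volume is routine for a patch server.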

While not applicable to malware specifically, threat actors could compromise additional resources to impact the availability of critical data and applications. Common examples include:

  • Centralized storage devices
    • Potential Risk – direct access to partitions and data warehouses;
  • Network devices
    • Potential Risk – capability to inject false routes within the routing table, delete specific routes from the routing table, or remove/modify configuration attributes - which could isolate or degrade availability of critical network resources
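The network-device risk above is one where a configuration baseline pays off directly: a periodic snapshot of each device's routing table compared against an approved baseline surfaces injected routes, deleted routes and modified attributes before users report outages. The following is an added example, not part of the original advisory or of KENET-CERT's material, written in Python against a simplified constructed text form of a routing table (the format, prefixes and next hops are assumptions for this illustration, not output of any real device). Besides plain added/removed/modified routes, it flags the case the advisory calls a false route: a newly added, more-specific prefix whose next hop differs from the baseline route that previously covered that address space, which silently redirects traffic even though the original route is still present.

```python
import ipaddress

# Constructed routing-table snapshots in a simplified text form (not real device
# output): "<prefix> via <next_hop> metric <n>", one route per line.
BASELINE_ROUTES = """\
0.0.0.0/0 via 10.1.1.1 metric 10
10.0.0.0/8 via 10.1.1.2 metric 10
172.16.0.0/12 via 10.1.1.3 metric 20
"""

# The current snapshot has a changed default next hop, a removed 172.16.0.0/12
# route, and a new /16 inside 10.0.0.0/8 pointing at a different next hop.
CURRENT_ROUTES = """\
0.0.0.0/0 via 10.1.1.9 metric 10
10.0.0.0/8 via 10.1.1.2 metric 10
10.20.0.0/16 via 10.9.9.9 metric 5
"""


def parse_routes(text):
    """Parse the constructed route format into {ip_network: {"next_hop", "metric"}}."""
    routes = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 5 or parts[1] != "via" or parts[3] != "metric":
            raise ValueError(f"unrecognised route line: {line!r}")
        prefix = ipaddress.ip_network(parts[0])
        routes[prefix] = {"next_hop": ipaddress.ip_address(parts[2]), "metric": int(parts[4])}
    return routes


def longest_covering_prefix(prefix, table):
    """Return the most specific route in table that contains prefix, or None.

    This is the route traffic for prefix would have followed before the new,
    more-specific entry appeared (longest-prefix match).
    """
    candidates = [
        p for p in table
        if p.version == prefix.version and p != prefix and prefix.subnet_of(p)
    ]
    return max(candidates, key=lambda p: p.prefixlen, default=None)


def diff_routes(baseline, current):
    """Compare two parsed tables and return findings keyed by category."""
    findings = {"added": [], "removed": [], "modified": [], "more_specific_overrides": []}
    for prefix in sorted(set(baseline) - set(current), key=str):
        findings["removed"].append(str(prefix))
    for prefix in sorted(set(baseline) & set(current), key=str):
        if baseline[prefix] != current[prefix]:
            findings["modified"].append(str(prefix))
    for prefix in sorted(set(current) - set(baseline), key=str):
        findings["added"].append(str(prefix))
        covering = longest_covering_prefix(prefix, baseline)
        # A new, narrower route with a different next hop hijacks part of the
        # address space that a baseline route used to serve.
        if covering is not None and baseline[covering]["next_hop"] != current[prefix]["next_hop"]:
            findings["more_specific_overrides"].append((str(prefix), str(covering)))
    return findings


if __name__ == "__main__":
    result = diff_routes(parse_routes(BASELINE_ROUTES), parse_routes(CURRENT_ROUTES))
    for category, items in result.items():
        print(f"{category}: {items}")
```

The same comparison applies to any configuration attribute that can be snapshotted as text (ACLs, interface state, management access settings); the important operational detail is that the baseline is stored and compared from a system the network devices themselves cannot write to, so a compromised device cannot also rewrite its own approved state.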

About

Kenya Education Network CERT (KENET-CERT) is a Cybersecurity Emergency Response Team and Coordination Center operated by the National Research and Education Network of Kenya. The KENET-CERT coordination center promotes awareness of cybersecurity incidents and coordinates and assists member institutions in responding effectively to cybersecurity threats and incidents. KENET-CERT works closely with Kenya's National CIRT coordination center (CIRT/CC) as the sector CIRT for academic institutions. KENET promotes the use of ICT in teaching, learning and research in higher education institutions in Kenya. KENET aims to interconnect all universities, tertiary and research institutions in Kenya by setting up a cost-effective and sustainable private network with high-speed access to the global Internet. KENET also facilitates electronic communication among students and faculty in member institutions, and the sharing of learning and teaching resources through collaboration in the research and development of educational content.