The malware attack on SolarWinds earlier this year caused a load of challenges and headaches, and now that time has passed and the dust has settled somewhat, Microsoft has uncovered another type of malware associated with the attack. This one is called FoggyWeb.
What does FoggyWeb do and what can we learn about this threat?
In April, researchers found that the SolarWinds attack was performed by the Russian Foreign Intelligence Service (SVR). Various modules were used by the attack group, a collective known as Nobelium. Nobelium includes different types of malware like GoldMax, GoldFinder, and Sibot. In addition to other malware previously discovered,these include Sunburst/Solorigate, Teardrop, and Sunspot. The latest addition to this – FoggyWeb — is a malware that installs a backdoor on already compromised systems.
Backdoors give hackers the ability to influence all kinds of aspects within your organization. They can access your network at any point in the future, provided the backdoor is not discovered. This backdoor can be used to install malware, access sensitive data, spy on your network, and so on. These are incredibly dangerous, especially over extended periods of time. Imagine how much damage they can do over the course of a year or longer.
FoggyWeb itself is used to steal credentials and configurations from compromised systems. These credentials give hackers the ability to access infrastructures long after the malware has been purged from the system, as they can simply use the credentials to control access and perform other tasks without being uncovered. FoggyWeb can also receive commands remotely, making it capable of concealment and pulling off even more dangerous antics.
The best way to protect your business is to keep a lookout for suspicious activity on your network, prioritize access controls, and deploy powerful enterprise-grade security solutions designed to mitigate the majority of threats on your network. If this sounds complicated, don’t worry—with us on your side, it’s anything but!
Computerware can provide your organization with the tools and services needed to make security a top priority. We can implement, maintain, and monitor your solutions to guarantee that your systems are as best protected as can be. To learn more, go to: https://www.cwit.com/blog, or reach out to us at (703) 821-8200.
Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.