Malware could attempt to take down networks on August 24
ISSP says in a notification posted on its website (translation needed) that it discovered malware on the website belonging to the parent company of Crystal Finance Millennium, an accounting software broadly used across the country by several companies and government departments.
The malware, which doesn’ t have a name just yet, has been spotted on the website and could be used to push the infection to clients using the said software. At the time of publishing this article, the page is down, as it appears to have been suspended by the hosting company, likely in an attempt to block the spread of malware.
The security firm says there’s a chance a large-scale attack starts on August 24 and recommends customers using the accounting software to block the link and software updates in the coming days.
The new cyberattack could be a follow-up to the previous two ransomware attacks that eventually infected thousands of systems not only in Ukraine, but also in Europe and in the United States as well.
The most recent was based on ransomware called Petya (also referred to as NotPetya) , which took several Ukrainian systems offline after infecting machines using a different accounting software. The infection quickly spread through a number of corporate networks beyond the borders of Ukraine, eventually taking down systems belonging to large organizations in Europe.
At this point, little is known about the malware itself and whether it’s based on a known vulnerability in Windows, but if the attack attempts to exploit the same security flaws as WannaCry and Petya, patching systems and bringing them up-to-date could help block the infection.
Ukraine’s central bank warned last week that it discovered new malware that could be used to trigger a new large-scale attack using infected Microsoft Word documents delivered as email attachments.
