Mandiant CEO Shares How Russian Wiper Malware Is Evading Ukrainian EDR, Antivirus
Russia has relied on blunt-force cyberattacks in Ukraine to inflict maximum damage rather than turning to new techniques. In many cases, Ukrainian defenders are flying blind because Russian wiper malware is designed to evade most security controls, said Mandiant CEO Kevin Mandia.
The Russian foreign intelligence service’s cyber operations were less aggressive in other parts of the world in the months following the country’s February 2022 invasion of Ukraine, but activity has accelerated recently, according to Mandia. Inside Ukraine, cyber defenders have faced eight or nine different types of wiper malware designed and crafted to evade EDR and antivirus technologies, he said (see: Execs Say Google-Mandiant Deal to Merge Threat Intel, SecOps).
“How do you maintain optimism when all you do every day is figure out, ‘Now, what do we do on defense?’” Mandia said. “You’re playing goalie, and the offense has unlimited penalty kicks at you. It is exhausting. So how do you find an equilibrium where you can just manage through it at a steady state? What you have to do is keep morale up.”
In this video interview with Information Security Media Group, Mandia also discussed:
- How Russian cyber activity has changed over the course of the Russia-Ukraine war;
- How Chinese cyber actors have shifted tactics during the war;
- Why adversary dwell time in victim environments has shrunk significantly.
Mandia has served as CEO since 2016 and led the company’s rebranding from FireEye to Mandiant in 2021. He has spent more than 25 years in information security helping make organizations secure from cyberthreats. Mandia has held senior positions in the security consulting divisions of Sytex, acquired by Lockheed Martin, and Foundstone, acquired by McAfee. In the U.S. Air Force, Mandia served as a computer security officer at the Pentagon and later as a special agent in the Air Force Office of Special Investigations.