Tardigrade malware attacks vaccine manufacturing infrastructure


Security researchers are warning biological production facilities around the world that they are targeted by a new and sophisticated breed of malware, known as Tardigrade.

The warning comes from the non-profit Bioeconomy Information Sharing and Analysis Center (BIO-ISAC), which revealed that at least two large facilities working on the production of biological drugs and vaccines were hit this year by the same malware, in what appear to have been targeted attacks.

Charles Fracchia, founder of BioBright and board member of BIO-ISAC, says Tardigrade is an APT aimed at Windows computers in the bioeconomy and biomanufacturing sector, “using tools of unprecedented sophistication and stealth”.

At first Tardigrade may be mistaken for a ransomware attack (unfortunately an all too common occurrence), but what sets it apart is its sophistication and autonomy. And unlike ransomware, if Tardigrade makes any attempt to extort money from its victims, it appears half-hearted; the malware is far more interested in exfiltrating data and spying on its victims.

Security researchers say Tardigrade appears to be a variant of the SmokeLoader malware family, but is much more autonomous: it can decide for itself which files to modify, move laterally across the organization and take other actions such as infecting USB drives, rather than relying on instructions from a command and control server.

Fracchia told Wired that Tardigrade took things to a new level:

“It almost certainly started with espionage, but it hurt everything – disruption, destruction, espionage, all of the above. This is without a doubt the most sophisticated malware we’ve seen in this space.”

Attacks against pharmaceutical and bioeconomy companies have occurred around the world during the pandemic, as malicious actors found that the sector was poorly protected relative to its heightened value.

For now, while states are struggling to protect their citizens from COVID-19, no one is publicly pointing out who might be responsible for the Tardigrade attacks. Instead the focus is on spreading the word about the threat, for fear that other biomanufacturing facilities will be hit.

Analysis of exactly what Tardigrade is capable of doing continues, but researchers working with BIO-ISAC say they felt it was right to post a public disclosure after seeing the continued spread of the attack.

Primary infections appear to occur through poisoned e-mail, which tricks recipients into opening a file. But Tardigrade’s malware can also spread across networks, and even infect USB sticks.

Malware researcher Callie Churchwell says one of the methods Tardigrade uses for lateral spread is network shares, and that it “creates folders with random names from a list (for example: ProfMargaret Predovic)”.
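One defensive use of that observation is to audit share listings for recently created top-level folders whose names look like generated personal names. The script below is an added example, not code from BIO-ISAC, BioBright or the article: the name pattern is a heuristic inferred from the single published example, the share paths, folder names and timestamps are constructed sample data, and any hit is only a prompt for review, not an indicator in itself.

```python
"""Flag recently created share folders whose names look like generated
personal names (honorific fused to a first name, then a surname), in the
style of the "ProfMargaret Predovic" example quoted in the article.

Added example. The regex, the age window and the sample listing are
assumptions constructed for illustration, not published indicators.
"""
import re
from datetime import datetime, timedelta

# Heuristic: honorific glued to a capitalised first name, a space, then a
# capitalised surname. Matches the one published example; assumed to generalise.
GENERATED_NAME = re.compile(r"^(Prof|Dr|Mr|Mrs|Ms|Miss)[A-Z][a-z]+ [A-Z][a-z]+$")


def is_generated_name(name: str) -> bool:
    """True when a folder name fits the generated-name pattern."""
    return bool(GENERATED_NAME.match(name))


def find_suspicious_folders(listing, now, max_age_days=7, allowlist=()):
    """listing: iterable of (share, folder_name, created_at datetime).

    Returns (share, folder) pairs for folders created within max_age_days
    whose name fits the pattern and that are not on the allowlist.
    """
    cutoff = now - timedelta(days=max_age_days)
    hits = []
    for share, folder, created in listing:
        if folder in allowlist:
            continue          # known-good folder, skip
        if created < cutoff:
            continue          # older than the review window
        if is_generated_name(folder):
            hits.append((share, folder))
    return hits


# Constructed sample listing (not real data); in practice this would be
# produced by enumerating the share roots, e.g. with os.scandir on a mount.
NOW = datetime(2021, 11, 24, 12, 0, 0)
SAMPLE_LISTING = [
    (r"\\fileserver\shared", "ProfMargaret Predovic", NOW - timedelta(days=1)),
    (r"\\fileserver\shared", "Finance", NOW - timedelta(days=400)),
    (r"\\fileserver\shared", "DrHarold Nguyen", NOW - timedelta(days=2)),
    (r"\\labstore\data", "QC_Results_2021", NOW - timedelta(days=3)),
    (r"\\labstore\data", "MsAlice Chen", NOW - timedelta(days=30)),  # outside window
]

if __name__ == "__main__":
    for share, folder in find_suspicious_folders(SAMPLE_LISTING, NOW):
        print(f"review: {share}\\{folder}")
```

The age window keeps the output focused on recent activity, and the allowlist is where legitimately named folders go after a first triage pass, so repeated runs only surface new names.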

BIO-ISAC recommends that at-risk biomanufacturing organizations review their network segmentation, work out which “crown jewels” within their company must be protected, test and keep offline backups of key infrastructure, find out the lead times for key biological infrastructure components that might need to be replaced or upgraded, and “assume that you are a target.”


Editor’s note: The opinions expressed in this author’s article are solely those of the donor, and do not necessarily reflect those of Tripwire, Inc.
