A wave of new attacks using BiBi malware has been detected in recent days in Israel. These are four new variants of the malware that are not recognized and caught by antivirus engines, according to the VirusTotal platform.
The Bibi malware is a Wiper type malware designed to delete and corrupt data in the attacked systems. Unlike other types of malware, which aim to steal or spy on data, Wiper malware is specifically created to cause damage, and it is very difficult to recover the damaged data following the attack.
Harmful BiBi was developed by a group of hackers identified as pro-Hamas with the beginning of the war in October, with the intention of expressing support for the Hamas organization, and the attacks focused on Israeli companies with the aim of causing them as much damage as possible by deleting and corrupting file data and information and disrupting the operating systems of Israeli companies without Ransom request. The first discovery that targeted Linux systems at the beginning of the war was signed by Cyber Security Joe. Later, a malicious version was also developed for Windows systems.
The modus operandi of the malicious is to move between files in the system and corrupt them, when at the end of the process in every file corrupted by the malicious, the extension of the file becomes BiBi. In addition, the attacker deletes all Shadow Copies, changes the boot policy of the victim's system and finally disables the options for automatic recovery. These techniques used by the attackers prevent the victim from performing system restores and reduce the ability to restore sensitive files, information, servers.
Now it turns out that the group of hackers is still active and continues to produce new versions of the malicious. The latest disclosure is signed by Symantec.
According to Idan Malihi, a security researcher at the cyber company CyFox, which specializes in providing information security solutions based on artificial intelligence, "Against the background of the ongoing war, the newly discovered malware is targeting small to large Israeli organizations, with the intention of destroying as much information and content as is in the company's infrastructure." Currently , he says, the names of organizations that have been attacked by the new variants of BiBi Wiper have not yet been discovered, but this does not mean that there are no such companies.
© 2024 News In Israel - Israeli News In English. All Rights Reserved.