"According to reporting of trusted third parties, HIDDEN COBRA actors have likely been using both Joanap and Brambul malware since at least 2009 to target multiple victims globally and in the United States—including the media, aerospace, financial, and critical infrastructure sectors."
Brambul and Joanap: Potential Malware Impact
The potential impact from Brambul and Joanap can be quite serious, according to the report, including such potential fallout as:- temporary or permanent loss of sensitive or proprietary information,
- disruption to regular operations,
- financial losses incurred to restore systems and files; and
- potential harm to an organization’s reputation.
Brambul and Joanap: Malware Risk Mitigation
To mitigate such threats, DHS and FBI officials say MSSPs and organizations should:- Keep operating systems and software up-to-date with the latest patches. Most attacks target vulnerable applications and operating systems. Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
- Maintain up-to-date antivirus software, and scan all software downloaded from the internet before executing.
- Restrict users’ abilities (permissions) to install and run unwanted software applications, and apply the principle of least privilege to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
- Scan for and remove suspicious email attachments. If a user opens a malicious attachment and enables macros, embedded code will execute the malware on the machine. Enterprises and organizations should consider blocking email messages from suspicious sources that contain attachments.
- Disable Microsoft’s File and Printer Sharing service, if not required by the user’s organization. If this service is required, use strong passwords or Active Directory authentication.
- Enable a personal firewall on organization workstations and configure it to deny unsolicited connection requests.