Cybersecurity Threat Advisory

Israel has recently been the target of cyberattacks involving a wiper malware that was previously observed to target both Linux and Windows systems. The wiper, named “BiBi-Windows Wiper”, has been used by a pro-Hamas hacker group in the wake of the ongoing Israel-Hamas war. This Cybersecurity Threat Advisory looks at the threat in detail and provides protection recommendations.

What is the threat?

BiBi-Windows Wiper is part of a wider data-wiping attack on Israeli computers that destroys data on both Linux and Windows systems. It primarily targets the education and technology sectors. The wiper causes irreversible data corruption and operational disruption, affecting almost all files. It overwrites each original file with random bytes to prevent recovery, then renames the file using a ten-character sequence of random letters containing the “BiBi” string; there is no method to recover the data. The malware also switches off the “Error Recovery” mode and deactivates the “Windows Recovery” feature.

Why is it noteworthy?

According to researchers, the malware profiles a host’s processor to determine how many threads it can use in a data-wiping attack, supporting as many as 12 threads on 8 cores. The only files it does not target are those with .EXE, .DLL, and .SYS extensions, possibly because wiping them would render the computer unusable and prevent the hacktivists from spreading their message.
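The rename behaviour and the skipped extensions described above can be turned into a simple hunt over file-rename telemetry. The following is an added example, not code from the advisory or from Barracuda: the event tuple layout, the window and threshold values, and the reading of "ten-character sequence of random letters containing BiBi" as a letters-only run in the new file name are all assumptions, and the sample events are constructed.

```python
import ntpath
import re
from collections import defaultdict, deque

SKIPPED_EXTS = {".exe", ".dll", ".sys"}  # extensions the advisory says are not targeted
WINDOW_SECONDS = 60                       # assumed tuning values, not from the advisory
THRESHOLD = 3

def looks_like_wiper_rename(old_path, new_path):
    """True if a rename matches the naming behaviour described in the advisory."""
    if ntpath.splitext(old_path)[1].lower() in SKIPPED_EXTS:
        return False  # a rename of a skipped file type does not fit the description
    new_name = ntpath.basename(new_path)
    # Assumed reading: some letters-only run in the new name is exactly ten
    # characters long and contains the case-sensitive string "BiBi".
    return any(len(run) == 10 and "BiBi" in run
               for run in re.findall(r"[A-Za-z]+", new_name))

def hosts_with_rename_burst(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return hosts with at least `threshold` matching renames inside `window` seconds."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, host, old_path, new_path in sorted(events):
        if not looks_like_wiper_rename(old_path, new_path):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop matches that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(host)
    return sorted(flagged)

# Constructed sample file-rename events: (epoch seconds, host, old path, new path)
SAMPLE_EVENTS = [
    (1000, "ws-01", r"C:\Users\a\report.docx", r"C:\Users\a\qkBiBizrtw"),
    (1002, "ws-01", r"C:\Users\a\budget.xlsx", r"C:\Users\a\BiBimwpqxa"),
    (1005, "ws-01", r"C:\Users\a\notes.txt", r"C:\Users\a\hdlcvyBiBi"),
    (1010, "ws-02", r"C:\Temp\draft.docx", r"C:\Temp\draft_final.docx"),
    (1011, "ws-02", r"C:\Temp\photo.jpg", r"C:\Temp\qkBiBizrtw"),
    (5000, "ws-02", r"C:\Temp\a.txt", r"C:\Temp\BiBimwpqxa"),
]

if __name__ == "__main__":
    print(hosts_with_rename_burst(SAMPLE_EVENTS))
```

A single matching rename is weak evidence on its own; the burst threshold is what separates a mass-rename pattern from an incidental file name.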

What is the exposure or risk?

The malware is part of a broader campaign targeting Israeli businesses to disrupt their day-to-day operations as a response to their war with Hamas. The malware’s infection vector remains unknown. Although the campaign primarily centers on the Israeli IT and government sectors, many participating groups have been known to target multiple business sectors in Israel.

What are the recommendations?

Barracuda MSP recommends the following actions to limit the effectiveness of BiBi-Windows Wiper:

  • Regularly update both Linux and Windows systems to patch known vulnerabilities.
  • Regularly and securely back up critical data, ensuring routine testing of backup processes to guarantee their efficacy in system restoration and mitigate the impact of potential data loss.
  • Use the Barracuda XDR Endpoint Security solution to proactively identify and block malicious activity.

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.


Posted by Zachary Beaudet

Zachary is a Cybersecurity Analyst at Barracuda MSP. He's a security expert, working on our Blue Team within our Security Operations Center. Zachary supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
