Can security programs detect HermeticWiper?

March 14, 2022
| No comments
Can security programs detect HermeticWiper?

Share post

The Austrian IT security test laboratory AV-Comparatives has tested the protection against the recently discovered malware HermeticWiper. The data-wiping malware has been used in international targeted attacks, such as in Ukraine. Their goal is not to steal money or data, but simply to render victims' computers unusable.

HermeticWiper abuses the services of a legitimate company that produces hard drive partitioning software. This type of utility can create, modify and delete the data storage areas (partitions) on a computer's system disk. HermeticWiper uses (unauthorized) this useful utility to corrupt the boot information of the system disk, making the computer unbootable. The malware then overwrites the partitions on the hard drive, making the data on it unreadable even if the hard drive is transferred to an uninfected computer. To avoid detection, HermeticWiper also uses a digital code-signing certificate (an indicator of genuine, non-malicious software), which appears to have been stolen.

19 enterprise products and 17 end user packages tested

AV-Comparatives conducted a test in which programs from vendors in the Main Test Series for consumers and companies were tested for protection against variants of HermeticWiper.

Enterprise endpoint security manufacturer

Acronis, Avast, Bitdefender, Cisco, CrowdStrike, Cybereason, Elastic, ESET, Fortinet, G Data, K7, Kaspersky, Malwarebytes, Microsoft, Sophos, Trellix, VIPRE, VMware and WatchGuard.

Consumer antivirus manufacturer

Avast, AVG, Avira, Bitdefender, ESET, G Data, K7, Kaspersky, Malwarebytes, McAfee, Microsoft, NortonLifeLock, Panda, Total Defense, TotalAV, Trend Micro and VIPRE.

The HermeticWiper malware threats have been tested using the Real-World Protection Test Framework developed by AV-Comparatives. All tested products were able to effectively protect the system against multiple variants of HermeticWiper malware.

More at AV-Comparatives.org

 

About AV-Comparatives

AV-Comparatives is an independent AV test laboratory based in Innsbruck, Austria, and has been publicly testing computer security software since 2004. It is certified according to ISO 9001: 2015 for the area of ​​"Independent tests of anti-virus software". It also has EICAR certification as a "Trusted IT Security Testing Lab".

 

Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more

PR News
, , , , , ,