Tsunami

The "Tsunami" malware, named after its destructive nature, has been a significant cybersecurity threat. This malicious software is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Identified by a series of MD5 hashes, the malware includes components such as xmrigDeamon, Bioset, dns3, xmrigMiner, docker-update, dns, 64[watchdogd], 64bioset, 64tshd, armbioset, armdns, armtshd, tntscan, SystemHealt, and AVscan. The malware has been linked to various illicit activities, including online gambling operations run by Chinese gangs in Southeast Asia. On October 2, 2023, the Federal Acquisition Regulation (FAR) Council—consisting of the Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA)—issued two proposed rules in response to the increasing cybersecurity threats. This regulatory wave was described as a "tsunami of cybersecurity regulation." Amid these developments, Tim Grieveson, former CSO & SVP Information Security at AVEVA and now Global Cyber Risk Advisor at Bitsight, emphasized the importance of not only protecting organizations but also complying with the rapidly growing global cyber regulations. The Tsunami malware has been used in numerous DDoS attacks over the past decade, causing significant disruption. It has been associated with threat actors like KNOTWEED | Denim Tsunami, who actively exploited vulnerabilities. The malware's impact has been compared to a DDoS attack—an online tsunami that can last for days or even months, inundating any business. Moreover, it poses a risk to managed service providers (MSPs), potentially granting threat actors access to customer environments, similar to the Kaseya attacks businesses faced in 2021.