If you’ve noticed a recent uptick in cyberattacks targeting infrastructure and government facilities, you’re not alone. Aside from utilizing more sophisticated capabilities, the attacks are being staged at an alarming frequency.
Now, according to a new study by IBM’s X-Force Incident Response and Intelligence Services (IRIS) team, destructive attacks devised with an intent to wipe data and shut down systems have increased by a whopping 200 percent over the past six months.
IBM said 50 percent of the malware attacks were in the manufacturing, oil and gas, and education sectors. Most of the destructive attacks observed by the team have taken place in Europe, the US, and the Middle East.
The use of destructive malware and ransomware can cost affected organizations $239 million on average, the researchers said. This is 61 times costlier than the average cost of a data breach ($3.92 million), based on a report released by IBM Security last month.
The severity of the incidents can translate to multinational companies losing access to as many as 12,000 devices, in addition to devoting at least 512 hours to incident response and remediation, researchers report, citing analysis of publicly disclosed cyberattacks.
The malicious code deployed in these cases can result in data loss, render enterprise devices inoperable, cripple device functions, and lock down systems in return for a ransom payment. Some examples of destructive malware include NotPetya, Stuxnet, Shamoon, and Dark Seoul.
The cyber espionage group Strontium (aka Fancy Bear or APT28) in particular has been notorious for its involvement in the NotPetya attacks against Ukrainian banks and infrastructure in June 2017.
Going beyond nation-states
While the use of such malware was once restricted to state-sponsored hacking groups for bringing down geopolitical rivals, IBM researchers warn that, since late 2018, the attacks have been expanding beyond nation-states. What’s more, cybercriminals appear to be incorporating destructive components, such as wiper malware.
“This is especially true for cybercriminals who use ransomware, including strains such as LockerGoga and MegaCortex,” the report cautioned. LockerGoga hit several companies early this year, leading them to order hundreds of new computers after being locked out by the ransomware.
The findings are consistent with a report published by F-Secure last week, which disclosed how organized criminal actors inspired by North Korean hacking groups are mounting a wide array of targeted cyberattacks against the global finance industry with an aim to steal data and sabotage trading systems.
The need for cybersecurity preparedness
With cybercriminals primarily leveraging phishing emails and password-guessing (aka credential stuffing) as the infection vectors to gain initial entry, detecting such threats early on can help mitigate the impact of the attacks.
But the researchers also observed watering hole attacks and scenarios where third parties with a connection to the true target were compromised before the malicious attack was mounted (called a supply chain attack), all suggestive of a highly targeted malware campaign.
In a similar development, security firm CrowdStrike cautioned how nation-state hacking groups are increasingly targeting mobile devices in an effort to conduct espionage, intelligence gathering and sabotage of selected targets.
Understanding the threat landscape is one thing. But it goes without saying that companies need to proactively formulate strong countermeasures to reduce the risk of fallout from such attacks.
Whether it is by implementing multi-factor authentication to secure accounts, isolating critical network infrastructure, or ensuring timely data backups, having well-tailored security controls in place across the organization can ensure preparedness at “both tactical and strategic levels for a destructive malware attack.”