Cyberattacks designed to cause damage have doubled in the past six months and 50 percent of organizations affected are in the manufacturing sector, researchers say.
On Monday, IBM's X-Force IRIS incident response team published new research based on recent cyberattacks they have been called in to assist with, and the main trend the group is witnessing is the rise of destructive malware.
These forms of malicious code, such as Industroyer, NotPetya, or Stuxnet, are designed to cause damage rather than purely for covert surveillance or data theft. Functions may include locking systems, crashing PCs, rendering services as inoperable, and the deletion of files.
"Historically, destructive malware such as Stuxnet, Shamoon, and Dark Seoul was primarily used by nation-state actors," the researchers say. "However, especially since late 2018, cybercriminals have been incorporating wiper elements into their attacks, such as with new strains of ransomware like LockerGoga and MegaCortex."
IBM says that during the first half of 2019 the use of such malware has doubled in comparison to the second half of 2018,
Manufacturing entities appear to be a constant target of these attacks, of which 50 percent of cases recorded relate to industrial companies. Organizations in oil, gas, and education are also more at risk of being subject to wipers and destructive attacks.
The majority of cases observed by IBM have taken place in Europe, the US, and the Middle East.
The most common initial infection vectors are phishing emails, the theft of credentials required to enter an internal network, watering hole attacks, and the successful compromise of third parties with a connection to the true target. Some hackers will lurk in corporate systems for months before launching a malicious attack, whilst others will wreak havoc the moment they gain entry.
"There are two forms of targeted attacks in the destructive world: "I need to be low and slow until I gather the information I need and plan out my attack' [...] or, "I'm going to drop in, release, and let it go wild," said Christopher Scott, Global Remediation Lead at IBM X-Force IRIS.
It is estimated that when an enterprise company is hit by a successful, destructive cyberattack, on average, over 12,000 workstations will be damaged in some way and it can take 512 hours or more to pick up the pieces after such an incident.
In some of the most severe cases X-Force has been involved in, recovery time can stretch to as many as 1,200 hours.
With so much at stake, it is no wonder the price can be high for the largest companies, with the average, estimated cost reaching $239 million. The Ponemon Institute estimates an average data breach will cost $3.92 million, a stark comparison IBM says underscores just how much more expensive destructive malware infections can be.
Previous and related coverage
- GreyEnergy: New malware campaign targets critical infrastructure companies
- This 'most dangerous' hacking group is now probing power grids
- Half of industrial control system networks have faced cyberattacks, say security researchers
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0