IBM’s X-Force IRIS incident response team published new research looking at recent cyberattacks they had assisted with.
It was revealed that Industroyer, NotPetya, or Stuxnet, where three types of malicious code which had been designed primarily to cause damage, instead of data theft. The types of damage included crashing PCs, causing services to be inoperable, and the deletion of files.
“Historically, destructive malware such as Stuxnet, Shamoon, and Dark Seoul was primarily used by nation-state actors,” the researchers say. “However, especially since late 2018, cybercriminals have been incorporating wiper elements into their attacks, such as with new strains of ransomware like LockerGoga and MegaCortex.”
Of all the cases the researchers looked at, 50% of recorded cases related to industrial companies. It is evident that organisations within the manufacturing sector are a constant target, with oil, gas and education organisations more at risk.
The research estimated that an average of over 12,000 workstations will be damaged, if an organisation is hit by a successful, destructive cyberattack, with recovery time taking 512 hours, whilst in some extreme cases, recovery time has lasted up to 1,200 hours.
It was identified that phishing emails were the most common initial infection vectors, with some hackers hiding within the corporate system for months before initiating their attacks, whilst some launching an attack almost immediately after gaining entry.
“There are two forms of targeted attacks in the destructive world: “I need to be low and slow until I gather the information I need and plan out my attack’ […] or, “I’m going to drop in, release, and let it go wild,” said Christopher Scott, Global Remediation Lead at IBM X-Force IRIS.
Article originally published on PrivSec:Report
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.