Wiper attacks make ransomware look mild
After the US launched a drone attack that resulted in the death of Iran’s top military general a few days ago, Iran promised vengeance against the US. On Tuesday of this week, Iran made good on their vow with a military strike on air force bases in Iraq, inhabited by US and Iraqi military personnel. Thankfully, it appears no one was killed. The world waits to see if and what more there may be from either side.
Just as the military and citizens worldwide must continue to remain vigilant, it would be foolish for companies, organizations, and critical infrastructures to not also be on high alert 24/7 for possible cyber strikes from Iran, specifically naming wiper attacks. Warnings to that effect are coming out multiple times a day.
We just exited a year where numerous organizations suffered severe ransomware attacks and 2020 shows every sign of the pattern escalating. Companies particularly at risk and that have faced the wrath of these ransomware attacks include government and city agencies, healthcare organizations and education facilities. Emsisoft estimated last month that ransomware attacks had cost these types of organizations over $7.5 billion last year. Their count of those experiencing ransomware hits in 2019 comes to 759 in healthcare, 103 in state and local government, and 86 in universities and schools.
Companies such as these – and others – need to be constantly on guard of attack, and now, especially “wiper” attacks that can make organizations wish for ‘only’ a ransomware attack.
Iran Has Prior Experience with Wiper Attacks
At least two wiper attacks in the past have been credited to Iran previously. The first was in 2012 against Saudi Aramco that brought down 30,000 computers. The attack, known as Shamoon, was one of the most damaging wiper attacks to date.
The second was in 2014, brought against the Sands casino in Las Vegas after the owner suggested Iran should be hit by nuclear missiles. The casino attack trashed operations, bringing down PCs, servers, email and phones.
With these attacks on record, sounding the alarm is justified. And it’s not only Iran who could bring the next one, but also sympathizing hackers who support the Iranian government.
Iran has conducted other cyber attacks too. In September 2017, the Iranian government-sponsored hacking group APT33 successfully launched phishing attacks against companies in the US, Saudi Arabia and South Korea. Their cyber espionage efforts had gone on for more than six months and successfully gained access to a US organization in the energy sector, had gone after an oil refinery and petrochemical business company in South Korea and an aviation holding company in Saudi Arabia.
Upping the Ante on Ransomware
Wiper malware worsens ransomware because it essentially makes a ransomware attack unrecoverable. In a traditional ransomware attack, a victim has some options, undesirable though they may be. They may be able to rely on a reliable backup or they might opt to pay the ransom to get their data back. Or perhaps their fast actions at the start of the attack preserved a good portion of their data at the outset.
But with wiper malware, the malicious code is programmed to wipe out not only data, but the existing system entirely, “wiping it” clean so their system can no longer be used or recovered. Not even backups can be restored because all records, including boot files, are wiped out.
Iran’s Increasingly Criminal Intent
Cyber attacks in general are worsening both in scope and in kind. In some cases, the motivation isn’t merely to steal data or money, it’s to cause as much destruction as possible. Losing critical data is bad enough, but losing your entire network raises the bar drastically.
The sparring between the two nation states has been escalating for months. Earlier warnings about wiper attacks from Iran came out last year, and the threat has increased with the turnover into 2020. Organizations are well advised to conduct immediate assessments of their security levels and act accordingly to address any area of weaknesses.
Virsec’s Provides Unique and Effective Application, Runtime and Memory Protection
Virsec takes a unique approach to guard-railing your applications and countering a broad spectrum of cyber attacks, including ransomware attacks.
Only Virsec Security Platform Delivers:
- Protection of application workflows, processes, file systems, libraries, memory and more at runtime
- Precise attack remediation and automation early in the attack cycle without need for expert analysis or machine learning
- Deterministic threat detection based on request deviations initiated by malicious code, remote hackers, files and trusted processes no matter how attacks originate.
Data breaches and ransomware attacks are the among the biggest threats organizations face today. Our demo shows a multi-step ransomware attack in action using advanced hacking tools. See how Virsec security platform can instantly spot this attack at every stage and stop it. If you are interested in partnering with Virsec, we invite you to consider doing so – before you face the unfortunate situation of a ransom demand or if you are in the process of recovering.
Further resources:
Iranian APT33 Launch Phishing Attack on Aviation, Energy Industries
Solution Brief: Ransomware Protection
In the Face of a Ransomware Attack, Can Your Defenses Prevail?
It’s October, Cybersecurity Awareness Month, & Ransomware Is the Biggest Fight We’re Losing
Ransomware Attacks Rising Against Many Cities, Striking Local Governments & School Campuses
MegaCortex Ransomware Worsens — Hackers Change Users’ Passwords & Make Blackmail Demands
MegaCortex Malware Strikes Business Networks, Does Damage Both as Ransomware and Disk Wiper
LockerGoga Ransomware Slams Industrial Firms in Europe with Devastating Impact
Source:
https://www.govinfosecurity.com/interviews/preparing-for-potential-iranian-wiper-attacks-i-4566
https://www.govinfosecurity.com/dhs-conflict-iran-could-spur-wiper-attacks-a-12682
