A new report has revealed that destructive malware incidents affecting businesses around the world have been rising at an unprecedented scale, with industrial targets becoming the prey of growing cybersecurity threats.
IBM’s X-Force IRIS incident response team published new research discussing the data they have collected from the cybersecurity incidents they have assisted with over the past year. The study revealed that the rise of so-called destructive malware is undeniable and has been affecting organizations across different industries all over the world.
The 20-page report characterizes “destructive malware” as “malicious software with the capability to render affected systems inoperable and challenge reconstitution.” The researchers said this includes variants that cause destruction through the deletion or wiping of files that are critical to the operating system’s ability to run. “They may overwrite the Master Boot Record (MBR), similar to the Shamoon malware, thereby corrupting the device’s hard drive partition code and rendering it inoperable,” they added.
Destructive malware attacks are rising at an alarming rate
The data from X-Force IRIS shows an alarming rate of destructive malware incidents, including wipers, a kind of ransomware that destroys the victims' files when demands are not met. Compared to the second half of 2018 (July to December), the first half of 2019 (January to June) saw an increase of 200 percent in the number of destructive malware incidents that the company assisted with.
Interestingly, half (50%) of all the cases the X-Force IRIS response team assisted with came from the manufacturing industry. Other affected sectors include oil & gas and education, with victims in Europe, the United States, and the Middle East.
Furthermore, the data released by IBM showed a spike in ransomware incidents in the second half of 2019, as new strains such as LockerGoga and MegaCortex started victimizing organizations around the globe. The number of incidents was more than double that of the previous six months.
“X-Force IRIS incident response data indicates that ransomware attack calls to our emergency response hotline have more than doubled over the past twelve months, with an increase of 116% from the second half of 2018 compared to the first half of 2019,” the report reads.
“While not all ransomware attacks incorporate destructive malware, the simultaneous increase in overall ransomware attacks and ransomware with destructive elements underscores the enhanced threat to corporations from ransomware capable of permanently wiping data.”
Worse, based on its analysis, the team expects that not only will the number of destructive ransomware attacks increase, but the attacks will also intensify in the next five years. They cite the “perceived success of cybercriminal groups currently using these tactics” and the proliferation of different malware and ransomware in underground forums and on the dark web as the reasons for their conclusion.
Attackers are human, not robots
IBM reveals that the attacks are growing in intensity and sophistication as threat actors become more creative and smart in their tactics and their cover-up strategies. As a silver lining, the team said that these attackers are still human and are not robots.
“We have tracked changes in behavior by destructive malware attackers when they find incident responders are conducting detection and containment work on networks they have compromised. They lose composure, unwittingly reveal their actions, and react in ways that can prevent them from accomplishing their objectives.”
Moreover, the researchers also believe that these destructive actors are acting on their thirst for revenge and are motivated by the financial gains from these attacks. This understanding, the researchers said, is what will help organizations “foresee and handle a potentially destructive malware attack.”
The report also reveals that these threat actors reside in their targeted environment for months prior to their actual attacks, “giving them ample time for internal reconnaissance where they map out the infrastructure and find ways to achieve their objectives.” However, the researchers said that, on the flip side, the time attackers spend in target networks also gives defenders enough time and a significant opportunity to detect and neutralize the threat before it can take effect.
“There are two forms of targeted attacks in the destructive world: ‘I need to be low and slow until I gather the information I need and plan out my attack’ […] or, ‘I’m going to drop in, release, and let it go wild,’” said Christopher Scott, Global Remediation Lead, IBM X-Force IRIS.