The Widespread of Wipers: Why It Matters For Enterprises


Organizations should consider deception technology, a strategy in which cyber attackers are lured away from an enterprise’s true assets and instead, diverted toward a decoy or a trap.

Researchers have noticed a rising trend of wiper malware deployment concurrent with the Russia-Ukraine conflict in the first half of this year. Those wipers haven’t remained in one location; they are now spreading throughout the world, underscoring the fact that cybercrime has no national boundaries. These share objectives with the Russian military despite not being officially attributed to state-sponsored threat actors in Russia. There is widespread speculation that these cyberattacks are being launched purposefully in tandem with the invasion.

Critical infrastructure is being increasingly targeted by these wiper varieties.

There are several best practices organizations are urged to implement to minimize the impact of wiper malware.

Having backups on hand is the best defense against ransomware and wiper malware. Malware frequently actively searches for backups on the system or on the network to obliterate. Backups must be kept offline and off-site in order to withstand sophisticated attacks.

Awash with wipers

The use of wiper malware has undoubtedly increased significantly as a result of the conflict in Ukraine; according to FortiGuard Labs research, at least seven new wiper variants were used in campaigns against governmental, military, and commercial targets in the first half of 2022. That almost equals the total number of publicly reported wiper variants since 2012.

Also Read: Surge in IT Costs, Indian Companies Encountered More Cyberattacks

The following are among these variations:

  • CaddyWiper: Shortly after the start of the war, malicious actors used this variant to wiper data and partition information from drives on systems belonging to a small number of Ukrainian organizations.
  • WhisperGate: This malware, which was used to target Ukrainian organizations, was found by Microsoft in mid-January.
  • HermeticWiper: This boot failure tool was discovered targeting Ukrainian organizations in February, according to Sentinel Labs.
  • IsaacWiper: A malware program that overwrites data on attached storage devices like hard drives to make them unusable.

WhisperKill, Double Zero, and AcidRain are three additional variants that researchers have seen that target Ukrainian businesses and organizations.

Wipers without borders

Wiperware activity is not just happening in Ukraine. Attacks like these are capable of crossing borders, whether they are those between nations or between IT and OT.

Teams responsible for enterprise security need to get ready. Wipers are extremely dangerous due to their very nature and the way they are used, despite the fact that they have been detected less frequently than other types of cyberattacks so far. Wiper malware is used by bad actors for a variety of purposes, including sabotage, the destruction of evidence, cyberwar, and financial gain. The first wiper software, Shamoon, made it crystal clear how wipers could be used as tools for cyber sabotage. Shamoon also demonstrated how the same wiper could resurface years after its initial use.

Variants such as GermanWiper and NotPetya have shown how wipers can be employed to try and extort money from victims, such as by “pretending” to be ransomware.

Avoid being eliminated by Wiperware

Wipers’ self-propagation potential is one factor to take into account. If it’s a worm-like NotPetya, it can spread itself to other computers after being released. And after that, it becomes uncontrollable. Organizations should “increase vigilance” and “evaluate their capabilities encompassing planning, preparation, detection, and response for wiper attacks,” according to a February CISA warning about the direct threat wipers pose.

One of the most effective countermeasures for organizations to lessen the effects of wiper malware is the integration of advanced detection and response capabilities that are driven by AI and ML and are supported by actionable threat intelligence to protect across all edges of hybrid networks.

Another defense that can be used on various levels is network segmentation. It can, for instance, limit lateral movement and keep the impact of an attack to just one area of the network.

Organizations should also consider deception technology, a strategy in which cyber attackers are lured away from an enterprise’s true assets and instead, diverted toward a decoy or a trap. The decoy imitates authentic servers, programs, and data to make the bad actor believe they have gained access to the real thing.

In addition, services like a digital risk protection service (DRPS) can aid in assessing external surface threats, fixing security problems, and gaining contextual insights on impending dangers.

Also Read: The Evolving Role of CISOs in a Flourishing Cybercrime World

Don’t skimp on incident response

In the event that wiper malware affects an organization, the effectiveness and speed of incident response are crucial. It might determine how the attack turns out. The significance of incident response and the plans for it cannot be overstated. This should include clear procedures for maintaining business operations without IT as well as a strategy for how backups will be restored and incident response will be handled.

Going forward

Wiper software can be used to harm and interfere with crucial infrastructure, and it already is. The actions taken here are a part of broader cyberwarfare initiatives. Wiper malware samples occasionally “pretend” to be ransomware, employing many of the same strategies, techniques, and procedures as ransomware, but without allowing for file recovery. The overall conclusion is that wiper software is being used for both monetary gain and cyber sabotage, and it can have extremely negative repercussions.

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.