Researchers say the destructive power of cyberattacks has doubled in the past six months, and that 50% of the affected organizations are in the manufacturing industry. Based on recent cyberattacks, IBM’s X-Force Incident Response and Intelligence Services (IRIS) released a new security research report this Monday, emphasizing that destructive malware is exploding. Analysis of the malicious code shows that programs such as Industroyer, NotPetya or Stuxnet do not merely steal data and spy in secret but also cause more destructive damage. These actions include locking the system, crashing the PC, rendering services inoperable, and deleting files.
The researchers said:
“From 2010 until 2018, we primarily observed nation-state actors employing destructive malware to further state interests, often to cause harm to a geopolitical opponent, keeping some plausible deniability on their side. With infamous strains such as Stuxnet, Shamoon and Dark Seoul making headlines, these attacks left a trail of destruction in their wake.”
The manufacturing industry is the main target of these attacks, and more than 50% of the cases disclosed so far involve industrial companies. Organizations in the oil, gas, and education sectors are the hardest hit and are very vulnerable to this type of attack. The most common initial infection vectors are phishing emails, theft of the credentials needed to enter the internal network, vulnerability attacks, and hijacking of connections to the target.
“There are two forms of targeted attacks in the destructive world—‘I need to be low and slow until I gather the information I need and plan out my attack,’ or ‘I’m going to drop in, release it, and let it go wild,’” as Christopher Scott, IBM X-Force IRIS’ Global Remediation Lead, put it. But the latter are not in the majority. IRIS observed attackers “reside” within targeted organizations’ networks for up to over four months before launching their destructive payloads—giving the malicious actors plenty of time to perform reconnaissance of the network and stealthily spread their access. And the attackers will go to great lengths to preserve access to key bits of infrastructure within the network throughout their intrusion, allowing them “to maintain control of their strongholds for as long as possible, and to cause as much damage as they can.”
A few of the key findings include:
- Massive destruction, massive costs: Destructive attacks are costing multinational companies $239 million on average. As a point of comparison, this is 61 times more costly than the average cost of a data breach ($3.92 million).
- The long road to recovery: The debilitating nature of these attacks requires a lot of resources and time to respond and remediate, with companies on average requiring 512 hours from their incident response team. It’s also common for organizations to use multiple companies to handle the response and remediation, which would increase hours even further.
- RIP laptops: A single destructive attack destroys 12,000 machines per company on average — creating quite a tab for new devices in order to get companies’ workforce back in action.