In a digital era when everything and everyone is connected, malicious actors have the perfect space to perform their activities. During the past few years, organizations have suffered several kinds of attacks that arrived in many shapes and forms. But none have been more impactful than wiper attacks. Attackers who deploy wiper malware have a singular purpose of destroying or disrupting systems and/or data.

Unlike malware that holds data for ransom (ransomware), when a malicious actor decides to use a wiper in their activities, there is no direct financial motivation. For businesses, this often is the worst kind of attack, since there is no expectation of data recovery.

Another crucial aspect of a wiper attack is the fear, uncertainty and doubt that it generates. In the past, wiper attacks have been used by malicious actors with a dual purpose: Generate social destabilization while sending a public message, while also destroying all traces of their activities.

A wiper’s destructive capability can vary, ranging from the overwriting of specific files, to the destruction of the entire filesystem. The amount of data impacted will be a direct consequence of the technique used. Which, of course, will have direct impact on the business — the harder the data/system recovery process becomes, the bigger the business impact.

The defense against these attacks often falls back to the basics. By having certain protections in place — a tested cyber security incident response plan, a risk-based patch management program, a tested and cyber security-aware business continuity plan, and network and user segmentation on top of the regular software security stack — an organization dramatically increases its resilience against these kind of attacks.



Talos Group

Talos Security Intelligence & Research Group