Turbotodd

IBM’s X-Force IRIS incident response team has published new research based on recent cyberattacks they’ve been asked to assist on and are reporting that cyberattacks designed to cause damage have doubled in the past six months and that 50 percent of those organizations affected are in manufacturing.

Physical, meet digital.

Some of the malicious code — including Industroyer, NotPetya, Stuxnet, among others – aren’t just looking or stealing. These are search and destroy missions.

From the report:

In the past, destructive malware was primarily used by sophisticated nation-state actors, but new analysis from X-Force’s incident response data has found that these attacks are now becoming more popular among cybercriminal attackers, with ransomware attacks including wiper elements to increase the pressure on victims to pay the ransom. As a result of this expanding profile, X-Force IRIS noted a whopping 200 percent increase in the amount of destructive attacks that our team has helped companies respond to over the past six months (comparing IBM incident response activities in the first half of 2019 versus the second half of 2018).

Other key findings:

An analysis of real-world incident response data from X-Force IRIS paints a picture of the devastating effects of these attacks on companies. A few of the key findings include:

• Massive destruction, massive costs: Destructive attacks are costing multinational companies $239 million on average. As a point of comparison, this is 61 times more costly than the average cost of a data breach ($3.92 million).
• The long road to recovery: The debilitating nature of these attacks requires a lot of resources and time to respond and remediate, with companies on average requiring 512 hours from their incident response team. It’s also common for organizations to use multiple companies to handle the response and remediation, which would increase hours even further.
• RIP laptops: A single destructive attack destroys 12,000 machines per company on average — creating quite a tab for new devices in order to get companies’ workforce back in action.

What You Can Do With An Ounce of Prevention

• Test your response plan under pressure. Use of a well-tailored tabletop exercise and a cyber range can ensure that your organization is ready at both tactical and strategic levels for a destructive malware attack.
• Use threat intelligence to understand the threat to your organization. Each threat actor has different motivations, capabilities and intentions, and threat intelligence can use this information to increase the efficacy of an organization’s response to an incident.
• Engage in effective defense in depth. Incorporate multiple layers of security controls across the entire Cyberattack Preparation and Execution Framework.
• Implement multifactor authentication (MFA) throughout the environment. The cost-benefit of MFA is tough to overstate, providing significant cybersecurity benefit in reducing the value of stolen or guessed passwords dramatically.
• Have backups, test backups and offline backups. Organizations should store backups apart from their primary network and only allow read, not write, access to the backups.
• Consider an action plan for a quick, temporary business functionality. Organizations that have been able to restore even some business operations following a destructive attack have fared better than their counterparts.
• Create a baseline for internal network activity and monitor for changes that could indicate lateral movement

If you find yourself in a cyberemergency, you can reach IBM Security at 888-241-9812 in the US and Canada, or (001) 312-212-8034 outside the US.