Nowadays, hackers are more interested in wreaking havoc, rather than just creating malware that’s going to steal data or conduct some form of espionage, new research has said.
According to IBM’s X-Force IRIS incident response team, cyberattacks designed to cause damage, employing the likes of Industroyer, NotPetya or Stuxnet, have more than doubled in the past six months.
Half of all of the attacks were against organisations in the manufacturing sector, with the attackers looking to lock systems, crash PCs, make services unusable, and / or delete critical files. Organisations in oil, gas, and education are considered most at risk.
"Historically, destructive malware such as Stuxnet, Shamoon, and Dark Seoul was primarily used by nation-state actors," the researchers say. "However, especially since late 2018, cybercriminals have been incorporating wiper elements into their attacks, such as with new strains of ransomware like LockerGoga and MegaCortex."
Businesses residing in Europe, the US and the Middle East are most frequently targeted. They’re usually attacked with phishing, credentials theft, so-called “watering hole” attacks, as well as attacks against the supply chain and other third parties.
Some hackers will compromise the network and sit idly for months, before opting for a specific set of moves.
"There are two forms of targeted attacks in the destructive world: "I need to be low and slow until I gather the information I need and plan out my attack' [...] or, "I'm going to drop in, release, and let it go wild," said Christopher Scott, Global Remediation Lead at IBM X-Force IRIS.