The latest intel on wipers

The mass proliferation of wiper malware continues to demonstrate the destructive evolution of cyberattacks. Does the evidence support the theory that the ongoing conflict in Europe is responsible for the rise in wipers? As a matter of fact, it does. Additionally, given that Russia is the main source of wiper activity, one can expect an increase in the use of wipers against countries and organizations that provide aid, weapons, or other logistical support to Ukraine.

While both ransomware and wipers proliferated in the second half of 2022, FortiGuard Labs research found that it was wipers that really picked up steam. And that trend shows no signs of slowing, meaning defenders must act and prepare now as if they are being targeted.

Major wipe-out in the second half of 2022

Destructive, APT-like wiper malware spread widely in 2022. Data analysis reveals a pattern of malicious actors persistently employing destructive attack methods against their targets. Because the internet has no physical boundaries, it also shows how quickly cyber attackers are able to adopt and scale these types of attacks, which have been made possible in large part by the cybercrime-as-a-service (CaaS) paradigm.

Wipers have been around since 2012 and get their name from the malware’s goal: to “wipe” the victim’s computer files. Until 2022, wiper activity was low, with perhaps one or two new samples appearing each year. However, wiper volume increased significantly between the first and second half of 2022, and the year ended with a still higher increase. An intriguing difference in the first half of 2022 was that numerous organizations publicly linked most of the wipers discovered (CaddyWiper, WhisperGate, HermeticWiper, etc.) to Russian state-sponsored actors.

Additionally, in the second half, other identified wipers were either attributed to pro-Russian hacktivist organizations like Somnia, or individuals motivated by this trend to develop their own wipers. This is a very important change to be aware of as it opens the door to more families, actors and cybercrime in general.

The spread of wiper malware to other countries during the year resulted in a 53% increase in wiper activity from Q3 to Q4 alone. While some of this activity may have been enabled by wiper software originally developed and disseminated by nation-state actors in the context of war, it is now being adopted by cybercriminal organizations and moving outside of Europe.

Given the level of activity seen late last year, it looks like the development of wiper malware isn’t slowing down any time soon. And that means any company could be a potential target.

The growth of wipers

Already this year, wiper malware has been proliferating, which is worrying. A bigger concern is that wiper malware will become increasingly commercialized and even more accessible to cybercriminals via CaaS. One of the biggest emerging concerns for the security community at large is the use of wipers in conjunction with other attack vectors. Wipers have the potential to destroy IT networks in both the public and private sectors around the world. And because they’re standardized, wipers can do massive damage to networks.

Avoiding a wipe-out

The cybersecurity community is always on the lookout for the next shiny object that could help in the fight against ransomware and wipers. Upfront investments in wiper mitigation are becoming increasingly important, as the initial damage can be exponentially costly to recover from. And it’s really proven tactics like these that win the day:

  • Proactive Protection: It’s much easier to stop threats before they infiltrate your network. Use an AI-based tool that detects targeted attacks and reproduces the human-centric investigation that would otherwise leave organizations playing catch-up. Such solutions simplify complexity, accelerate detection, and create an enterprise-wide response to cyberattacks.
  • Off-network backups: Having backups on hand is your best defense against the effects of ransomware and wiper malware. You need to keep backups off-network because malware often actively looks for backups on the computer (e.g. Windows shadow copy) or on the network in order to delete them. You need to have a board-level conversation about risk. That’s actually what it’s all about: wipers increase risk and collateral damage.
  • Network segmentation: The right segmentation can be beneficial in several ways. For example, it can limit the impact of an attack to a specific area of the network. In addition, firewalls, antivirus software, and intrusion prevention systems can identify communications with known command-and-control servers, malicious files transmitted over the network, and the malware itself.
  • Incident Response: The success or failure of an attack can depend heavily on the effectiveness and speed of incident response. How the incident response team handles the alert and responds when a compromise is discovered—before wiper malware is installed—can mean the difference between successful data loss prevention and complete data destruction.
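
The off-network backups point notes that malware looks for local backups such as Windows shadow copies in order to delete them. The following is an added example, not part of the original article or FortiGuard Labs' tooling, of a check that flags shadow-copy deletion in process-creation logs; the event schema, rule names and sample events are assumptions constructed for illustration.

```python
import json
import re

# Constructed sample process-creation events, one JSON object per line.
# The field names (host, command_line) are assumptions for this example.
SAMPLE_EVENTS = r'''
{"host": "ws-014", "command_line": "vssadmin list shadows"}
{"host": "fs-02", "command_line": "\"C:\\Windows\\System32\\vssadmin.exe\"  Delete Shadows /All /Quiet"}
{"host": "ws-031", "command_line": "wmic shadowcopy delete"}
{"host": "bk-01", "command_line": "vssadmin list shadowstorage"}
this line is truncated and is not valid JSON
'''.strip().splitlines()

# Hypothetical rule names; each pattern runs against a normalized command line.
RULES = {
    "vssadmin_delete_shadows": re.compile(
        r"\bvssadmin(?:\.exe)?\s.*\bdelete\s+shadows\b"),
    "vssadmin_resize_shadowstorage": re.compile(
        r"\bvssadmin(?:\.exe)?\s.*\bresize\s+shadowstorage\b"),
    "wmic_shadowcopy_delete": re.compile(
        r"\bwmic(?:\.exe)?\s.*\bshadowcopy\b.*\bdelete\b"),
    "wmi_class_shadowcopy_delete": re.compile(
        r"\bwin32_shadowcopy\b.*\b(?:delete|remove-)"),
}


def normalize(command_line):
    """Lowercase, drop double quotes and collapse runs of whitespace."""
    return " ".join(command_line.replace('"', "").lower().split())


def find_shadow_copy_deletion(lines):
    """Return ([(host, rule_name), ...], number_of_unparseable_lines)."""
    alerts, skipped = [], 0
    for line in lines:
        try:
            event = json.loads(line)
            cmd = normalize(event["command_line"])
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1  # count bad records so log gaps stay visible
            continue
        for name, pattern in RULES.items():
            if pattern.search(cmd):
                alerts.append((event.get("host", "unknown"), name))
                break  # one alert per event is enough
    return alerts, skipped


if __name__ == "__main__":
    for host, rule in find_shadow_copy_deletion(SAMPLE_EVENTS)[0]:
        print(f"ALERT {rule} on {host}")
```

Read-only commands such as `vssadmin list shadows` are deliberately not flagged, and unparseable lines are counted rather than silently dropped so that missing telemetry is noticed.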

Be on the lookout for danger

Cybercriminals never miss an opportunity. Threats are constantly increasing, whether it is a vulnerability, an attack or a global conflict. By keeping a close eye on emerging trends like wiper malware usage, you can anticipate the future and prioritize your resources on critical strategies you can implement to improve your cybersecurity posture and ensure there are no gaps in your defenses. This improves your company's ability to function even in the event of an unforeseen attack.

Learn more about the latest cyber threat trends in FortiGuard Labs’ semi-annual Global Threat Landscape Report.

Copyright © 2023 IDG Communications, Inc.

