Cisco's Talos Intelligence Group (TIG) has issued a warning. In the white paper titled Wiper Malware: Attacking from the Inside, written by Vitor Ventura, technical lead and cybersecurity researcher at Talos Intelligence Group, with contributions from Martin Lee, technical lead and manager for EMEA, the authors report that attackers are changing their methods. The white paper defines a wiper as malicious software whose sole purpose is to destroy systems, data, or both, and notes that such attacks usually cause significant financial and reputational damage. The motive behind a wiper attack may be political, intended to generate publicity, or simply the destruction of artifacts in order to obstruct a forensic investigation.
Here is how you can mitigate wiper attacks:
1- Cybersecurity incident response plan (CSIRP)
A prompt response depends on knowing in advance what has to be done, and that is where the cybersecurity incident response plan comes in. According to the white paper, the CSIRP must define roles and responsibilities precisely, and those roles must not be confined to the cybersecurity or IT departments. Everybody in the company must understand their role and what decisions will be expected of them; this includes the legal department and public relations.
2- Cybersecurity-aware business continuity plan
Most organizations have continuity plans covering physical and virtual disruption scenarios. Ventura emphasizes that recovery from wiper attacks must be part of continuity planning, and in particular that the business's backup infrastructure must be protected. To achieve that, the paper suggests:
- Run the backup software on non-Windows systems.
- Segment the backup network.
- Use different usernames and passwords for different accounts, so that credentials stolen elsewhere do not also open the backup infrastructure.
3- Risk-based patch management program
Ventura highlights the value of reducing the business's attack surface by keeping all applications up to date. Applying patches can be problematic, which is why IT teams must carefully weigh the risk of remaining vulnerable against the risk of the patch disrupting the company.
4- Network and user segregation
Network segregation is one of the most important damage-limiting measures, but it is both complicated and difficult to accomplish. Ventura suggests an answer: intent-based networking can make segregation much easier and faster. Even if segregation is not in force during business-as-usual operations, the ability to enforce emergency segregation can make the difference between a cyber attack having a drastic impact on the company and its being a minor disruption.
Security teams do not have this choice with user segregation. The white paper states categorically that user segregation must be at the centre of how the business operates. Some ways to achieve user segregation:
- Not everyone needs to be able to log on to every system.
- Privileged credentials should not be used on ordinary workstations or servers.
- Privileged credentials must be segregated and used only on trusted workstations built specifically for administrative tasks.
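The three points above are a policy; the check a security operations team actually wants is a detection that fires when a privileged account logs on anywhere other than a dedicated admin workstation. The following is an added example written for this page, not code from the Talos white paper. It scans Windows Security log 4624 (successful logon) events exported as JSON lines and flags privileged accounts whose logon type leaves reusable credential material (password hash or Kerberos ticket) on a host outside the admin-workstation set; a plain network logon (type 3) does not cache credentials on the target and is therefore not flagged. The account names, host names, the JSON field names of the export, and the sample events are all assumptions constructed for the example.

```python
import json
from typing import Dict, Iterable, List, Optional

# Hypothetical inventory for the example: which accounts carry privilege and
# which hosts are the dedicated admin workstations (not from the white paper).
PRIVILEGED_ACCOUNTS = {"da-alice", "da-bob", "svc-backup"}
ADMIN_WORKSTATIONS = {"paw01", "paw02"}

# Windows logon types that leave reusable credential material on the target
# host: 2 interactive, 4 batch, 5 service, 7 unlock, 10 remote interactive,
# 11 cached interactive. Type 3 (network) does not, so it is not a violation.
CREDENTIAL_CACHING_LOGON_TYPES = {2, 4, 5, 7, 10, 11}


def parse_event(line: str) -> Optional[Dict]:
    """Parse one JSON-formatted Security event; return None for bad input."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def check_event(event: Dict) -> Optional[Dict]:
    """Return a finding if this is a privileged, credential-caching logon on a
    host that is not a dedicated admin workstation; otherwise return None."""
    if event.get("EventID") != 4624:
        return None
    user = str(event.get("TargetUserName", "")).lower()
    # 'Computer' is the host that recorded the event, i.e. the logon target;
    # strip the DNS suffix so the comparison is on the short host name.
    host = str(event.get("Computer", "")).split(".")[0].lower()
    try:
        logon_type = int(event.get("LogonType", -1))
    except (TypeError, ValueError):
        return None
    if user not in PRIVILEGED_ACCOUNTS:
        return None
    if logon_type not in CREDENTIAL_CACHING_LOGON_TYPES:
        return None
    if host in ADMIN_WORKSTATIONS:
        return None
    return {
        "account": user,
        "host": host,
        "logon_type": logon_type,
        "source_ip": event.get("IpAddress", "-"),
    }


def find_violations(lines: Iterable[str]) -> List[Dict]:
    """Run check_event over a stream of exported log lines, skipping junk."""
    findings = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        finding = check_event(event)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample events (not real telemetry), shaped like 4624 records
# exported as JSON lines. Only the second and fifth lines should be flagged.
SAMPLE_EVENTS = [
    '{"EventID": 4624, "TargetUserName": "da-alice", "LogonType": 2, "Computer": "PAW01.corp.example", "IpAddress": "-"}',
    '{"EventID": 4624, "TargetUserName": "da-alice", "LogonType": 10, "Computer": "WS-SALES-17.corp.example", "IpAddress": "10.20.4.8"}',
    '{"EventID": 4624, "TargetUserName": "jsmith", "LogonType": 2, "Computer": "WS-SALES-17.corp.example", "IpAddress": "-"}',
    '{"EventID": 4624, "TargetUserName": "svc-backup", "LogonType": 3, "Computer": "FILESRV02.corp.example", "IpAddress": "10.20.9.2"}',
    '{"EventID": 4624, "TargetUserName": "svc-backup", "LogonType": 4, "Computer": "WS-HR-03.corp.example", "IpAddress": "-"}',
    '{"EventID": 4625, "TargetUserName": "da-bob", "LogonType": 2, "Computer": "WS-HR-03.corp.example", "IpAddress": "-"}',
    "not a json line",
]

if __name__ == "__main__":
    for finding in find_violations(SAMPLE_EVENTS):
        print("privileged logon outside admin workstation:", finding)
```

The fourth sample line shows why the logon type matters: the backup service account performing a network logon to a file server is normal operation and leaves nothing behind to steal, whereas the same account running a batch job on an HR workstation (fifth line) puts backup credentials exactly where a wiper would look for them.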
5- Cybersecurity technology stack
Companies must not entrust their digital infrastructure to a single security technology. Ventura repeatedly notes that wiper attacks are designed to recognize common anti-malware technology. Businesses need overlapping layers of security so that their defences are harder to map and bypass. To strengthen a company's security technology stack, the paper recommends:
- EDR technology, to reduce the time spent detecting and the time spent recovering from wiper attacks.
- Sandboxed execution, which lets security staff examine software behaviour before allowing it onto the organization's network.
- Network-level tools, such as intrusion detection and intrusion prevention systems, capable of detecting and blocking attackers' infiltration attempts.