Attacks seeking to wreak havoc on targets’ systems have risen sharply, with the manufacturing sector accounting for half of all incidents, finds IBM X-Force
Destructive cyber-attacks have doubled in the past six months, with half of those targeting the manufacturing sector, researchers have said.
IBM’s X-Force IRIS incident response team said that while such attacks have in the past been mainly associated with nation-states, cyber-criminals are increasingly making use of them as part of ransomware in order to increase pressure on their targets to pay ransoms.
The findings are drawn from incidents the IRIS team has helped companies respond to.
Destructive attacks, in contrast to those aimed at stealing funds or data, rose 200 percent in the first half of 2019 compared with the second half of last year.
High cost of recovery
Such attacks are typically aimed at rendering systems and equipment unusable, and cost multinational companies $239 million (£196m) on average, with a single attack destroying 12,000 workstations or laptops on average.
That’s 61 times more costly than the average data breach, at $3.92m, X-Force said.
On average companies’ response teams required 512 hours to remediate destructive attacks, with the figure rising higher if firms employ more than one company to carry out remediation.
Well-known destructive attacks including Stuxnet, Shamoon and DarkSeoul are thought to have been carried out by nation-states, but X-Force said newer ransomware strains including LockerGoga and MegaCortex also include destructive “wiper” elements.
“Financially motivated attackers may be adopting these destructive elements to add pressure to their victims to pay the ransom, or to lash out at victims if they feel wronged,” X-Force said in its study.
Aside from manufacturing, the group found that oil and gas and education were also at risk.
Most of the destructive attacks were observed in Europe, the U.S. and the Middle East, and gained initial access via phishing emails, password guessing, third-party connections and watering hole attacks.
At times attackers waited weeks or months after gaining initial access before launching an attack, IBM found.
The company advised firms to ensure they have adequate security and disaster-recovery plans in place, and recommended security measures such as multi-factor authentication.