Destructive attacks cost multinational companies $239 million on average, far more than the cost of a data breach, according to IBM X-Force.
Destructive malware—which disables access to information or shuts down system functions—has been expanding worldwide in recent years, putting businesses across all industries at risk, according to IBM X-Force’s Combating destructive malware: Lessons from the front lines report, released Monday.
This malware has the power to wipe data and make millions of machines inoperable, the report found, as its intention is to cause damage, rather than spy on or steal data. These attacks were primarily used by sophisticated nation-state actors in the past, but today, they are becoming more popular among cybercriminals. The IBM X-Force Incident Response and Intelligence Services (IRIS) team observed a 200% increase in the number of destructive attacks it has helped companies respond to over the last six months alone.
SEE: Special report: Cyberwar and the future of cybersecurity (free PDF) (TechRepublic)
Organizations that fall victim to destructive malware attacks end up paying an average of $239 million, and see more than 12,000 devices destroyed, according to the report. Recovery requires an average of 512 hours of work from an incident response team, remediating and rebuilding the environments that have been destroyed.
Examples of destructive malware include Industroyer, NotPetya, and Stuxnet. Some 50% of destructive malware cases were found in the manufacturing industry, while the oil and gas and education sectors were also major targets, IBM X-Force found. Most attacks observed by the research team took place in the US, Europe, and the Middle East.
How to reduce the risk of destructive malware attacks
Cybercriminals using destructive malware often enter business systems through phishing emails, password guessing, third-party connections, and watering-hole attacks, IBM X-Force found. They also target privileged accounts and use them along with remote services to move through a network.
Organizations can take the following steps to prevent destructive malware attacks from hitting, according to IBM:
1. Test your response plan under pressure. Use of a well-tailored tabletop exercise and a cyber
range can ensure that your organization is ready at both tactical and strategic levels for a
destructive malware attack.
2. Use threat intelligence to understand the threat to your organization. Each threat actor has different motivations, capabilities, and intentions, and threat intelligence can use this information to increase the efficacy of an organization’s response to an incident
3. Engage in effective defense-in-depth. Incorporate multiple layers of security controls across the entire Cyberattack Preparation and Execution Framework.
4. Implement Multifactor Authentication (MFA) throughout the environment. The cost-benefit of
MFA is tough to overstate, providing significant cybersecurity benefit in reducing the value of
stolen or guessed passwords dramatically.
5. Have backups, test backups, and offline backups. Organizations should store backups apart
from their primary network and only allow read, not write, access to the backups.
6. Consider an action plan for a quick, temporary business functionality. Organizations which
have been able to restore even some business operations following a destructive attack have
fared better than their counterparts.
7. Create a baseline for internal network activity, and monitor for changes that could indicate
For more, check out Special report: A winning strategy for cybersecurity on TechRepublic.