What are Data-Wiping Cyberattacks?
The Cybersecurity and Infrastructure Security Agency (CISA) has urged U.S. organizations to strengthen their cybersecurity defenses against data-wiping cyberattacks.[1] CISA warns that these cyberattacks can disrupt essential services and can impact companies, non-profits, and organizations of all sizes across multiple sectors of the economy. The warning was issued in response to recent malicious cyber activity that included incidents involving website defacement and data-wiping.
Website defacement. In a website defacement cyberattack, the cyberattacker alters a website’s appearance or content. Cyberattackers may be motivated to conduct a website defacement attack for various reasons, including embarrassing their victim or promoting alternative views. Cyberattackers may deface a website by injecting malicious code into the website’s scripts, which can give them control of the website; once they have that control, they can obtain access privileges on the website and acquire any sensitive data it holds. Cyberattackers may use a VPN to disguise their location, and they may use automated scanning software to find website vulnerabilities. Cyberattackers may also pose as authorized users in order to access remote files and websites and execute their own commands.
Data-wiping cyberattacks. Data-wiping malware, also known as a “wiper”, is a class of malicious software characterized by its ability to delete data from the devices it infects. Data-wiping cyberattacks are purely destructive in nature and often involve no ransom demand, although some recent data-wiping cyberattacks have been disguised as ransomware. Because of their destructive nature, data-wiping cyberattacks are often presumed to be government-backed or politically motivated.
CISA urges organizations to reduce the likelihood of damaging cyber intrusion by:
- Validating that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
- Ensuring that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirming that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
- Ensuring, if the organization uses cloud services, that IT personnel have reviewed and implemented the strong controls outlined in CISA’s guidance.
- Signing up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
CISA urges organizations to take the following steps to detect a potential intrusion:
- Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
- Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
- If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.
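As an added illustration of the logging and unusual-behavior recommendations above (example code written for this page, not a CISA tool), the script below flags a burst of file deletions spanning several directories in audit-style logs, a coarse indicator of wiper activity; the log format, host and process names, and events are all constructed for the demo.

```python
"""Flag bursts of file deletions in audit-style logs as a coarse wiper signal.

Added example, not CISA tooling. The log format is constructed for this demo:
"<epoch> <host> <user> <process> <action> <path>", one event per line.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

# Constructed sample: routine deletions by a user, then a burst from one process.
SAMPLE_LOG = """\
1700000000 ws01 alice explorer.exe DELETE C:/Users/alice/Downloads/old.pdf
1700000030 ws01 alice explorer.exe DELETE C:/Users/alice/Downloads/draft.docx
1700000100 ws01 SYSTEM updater.exe WRITE C:/Windows/Temp/patch.tmp
1700000200 ws01 SYSTEM upd.exe DELETE C:/Users/alice/Documents/a.xlsx
1700000201 ws01 SYSTEM upd.exe DELETE C:/Users/alice/Documents/b.xlsx
1700000201 ws01 SYSTEM upd.exe DELETE C:/Users/alice/Pictures/c.jpg
1700000202 ws01 SYSTEM upd.exe DELETE D:/Shares/finance/q1.csv
1700000203 ws01 SYSTEM upd.exe DELETE D:/Shares/finance/q2.csv
1700000205 ws01 SYSTEM upd.exe DELETE D:/Shares/hr/list.csv
"""

Event = Tuple[int, str, str, str, str, str]


def parse_events(text: str) -> List[Event]:
    """Parse the constructed log format into (ts, host, user, proc, action, path)."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, host, user, proc, action, path = line.split(maxsplit=5)
            events.append((int(ts), host, user, proc, action, path))
    return events


def find_deletion_bursts(events, window_s=60, min_deletes=5, min_dirs=2):
    """Return (host, process, first_ts, count, distinct_dirs) per alerting process.

    A burst is >= min_deletes DELETE events from one (host, process) within
    window_s seconds touching >= min_dirs distinct directories; the directory
    spread separates bulk wiping from cleanup of a single temp folder.
    """
    windows: Dict[Tuple[str, str], Deque[Tuple[int, str]]] = defaultdict(deque)
    alerts, alerted = [], set()
    for ts, host, _user, proc, action, path in sorted(events):
        if action != "DELETE":
            continue
        q = windows[(host, proc)]
        q.append((ts, path))
        while ts - q[0][0] > window_s:  # drop events older than the window
            q.popleft()
        dirs = {p.rsplit("/", 1)[0] for _, p in q}
        if len(q) >= min_deletes and len(dirs) >= min_dirs and (host, proc) not in alerted:
            alerted.add((host, proc))
            alerts.append((host, proc, q[0][0], len(q), len(dirs)))
    return alerts


if __name__ == "__main__":
    for alert in find_deletion_bursts(parse_events(SAMPLE_LOG)):
        print("deletion burst:", alert)
```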
[1] CISA, 2022, “Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats”