Rapid attacks
Rapid cyberattacks like Petya and WannaCrypt have dramatically changed expectations regarding the speed and scope of resulting damages. In 2017, among the global enterprise customers, these rapid cyberattacks took down most or all IT systems in about one hour, resulting in $200M – 300M USD of damage at several customers.
Petya and WannaCrypt malware have changed our perspective on the speed and amount of damage that can be inflicted. Rapid cyberattacks have the following characteristics:
- Rapid and Automated – Much like the worms of decades past (such as Nimda or SQL Slammer), these attacks happen very rapidly because self-propagation is fully automated once the malware is launched.
- Disruptive – Rapid cyberattacks are designed to be disruptive to business and IT operations by encrypting data and rebooting systems.
Rapid attacks, such as Petya, exhibit some unique characteristics, differentiating them from other types of cyberattacks, including the following:
- Supply chain – rapid attacks tend to rely on a supply chain to enter target environments instead of phishing or browsing, which are much more commonly used by threat actors for most attacks.
- Multi-technique – rapid attacks use multiple propagation techniques, combining exploits of software vulnerabilities and impersonation techniques.
- Fast – rapid attacks have extremely high propagation speed. This leaves very little time for defenders to react (detect + manually respond or detect + write automatic response rules), underscoring the importance of preventive controls and recovery processes.
- Destructive – rapid attacks tend to cause system restarts and affect their ability to complete the reboot (for example, by encrypting the master file table). This tends to considerably complicate recovery efforts.
No comments:
Post a Comment