Topic: U.S. Government Warns of Data Wipers Used in Iranian Cyberattacks

Offline javajolt

According to a statement by the U.S. Cybersecurity and Infrastructure Security Agency, an increase in cyber attacks utilizing destructive wiper tools has been detected targeting U.S. industries and government agencies by Iranian actors or proxies.

The statement, titled "CISA Statement on Iranian Cybersecurity Threats", was posted today by CISA Director Chris Krebs to his Twitter account and issues a warning that Iranian-affiliated actors are increasingly using destructive wiper attacks on targeted networks and computers.

A wiper is a malware program designed to delete data on a computer. Unlike ransomware, which is designed to ransom your encrypted files for a payment, wipers are designed to destroy your data with no way of recovering the files.

Wiper attacks have been used in the past by state actors or as decoys for other attacks, which are described later in the article.


[Image: CISA Statement on Iranian Cybersecurity Threats]

This statement was uploaded to Twitter as an image but can be read in its entirety below. Director Krebs has told BleepingComputer that the statement will be available on the CISA site in the near future.

Quote
CISA Statement on Iranian Cybersecurity Threats

WASHINGTON - In response to reports of an increase in cybersecurity threats, the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs issued the following statement:

"CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyber activity, share information, and take steps to keep America and our allies safe.

Iranian regime actors and proxies are increasingly using destructive 'wiper' attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you've lost your whole network.

In times like these it's important to make sure you've shored up your basic defenses, like using multi-factor authentication, and if you suspect an incident - take it seriously and act quickly.  You can find other tips and best practices for staying safe online here.

Anyone who has relevant information or suspects a compromise should immediately contact us NCCICCUSTOMERSERVICE@hq.dhs.gov."

According to the issued statement, these attacks are being conducted using common tactics such as credential stuffing, password spraying, and spear phishing.

In follow-up tweets, Krebs recommended the following CISA bulletins for those who wanted to learn more about how to protect against these types of attacks:

■ Brute Force Attacks Conducted by Cyber Actors

■ Avoiding Social Engineering and Phishing Attacks

■ Protecting Against Ransomware

■ Recovering from Viruses, Worms, and Trojan Horses

Like ransomware, ultimately the best defense against a wiper attack is to make sure that you have a working backup of your data. With a safe and secure backup, even if an attacker was able to gain access to your network or computer and wipe your data, you could simply restore from a backup.

Destructive wiper attacks

In the statement by CISA, it was mentioned that an account compromise could quickly turn into an attack that wipes an entire network.

Quote
"What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you've lost your whole network."

While this author does not know of any network-wide wiper attacks that were attributed to Iranian actors, other known attacks utilized them in the past:

■ In 2012, a malware called Shamoon was utilized as a political protest against Saudi Arabia. When the attack was unleashed it is said to have wiped over 30,000 computers.

■ In 2017, a ransomware called NotPetya was unleashed that utilized the EternalBlue exploit to spread to vulnerable systems. It turned out that NotPetya was not ransomware, but a data wiper.

■ Also in 2017, an anti-Israel & pro-Palestinian data wiper called IsraBye was discovered that pretended to be ransomware.

■ In 2018, a SWIFT banking hack utilized a wiper called KillDisk to take down 9,000 computers and 500 servers to distract network admins while the hackers stole $10 million.

■ Also in 2018, a wiper called Olympic Destroyer targeted the computer systems for the PyeongChang 2018 Winter Olympics.
