Cybersecurity firm Check Point reports an increase in wiper-ware attacks amid geopolitical uncertainty
A senior official from an Israeli cybersecurity firm said that companies should be conscious of an increase in wiper-ware attacks, as data and digital systems are being targeted for annihilation in geopolitical conflicts.
Maya Horowitz, Director of Threat Intelligence and Research at Check Point Software Technologies, added that the onset of the two major conflicts over these last couple of years has been a major reason for the uptick in such attacks, with cyber being used “to complement” the physical battlefield.
Unlike ransomware, where data is held hostage unless payment is made, wipers aren’t malware of the money-making ilk. As the name suggests, the intent is to cripple capabilities, including military and civilian digital infrastructure, by wiping data. That explains why it is more a tool used by nation-states, as it allows them to open a separate cyber front for conflicts.
Horowitz pointed to the Israeli-Hamas war in which a wiper-ware named after Israeli Prime Minister Benjamin Netanyahu – called BiBi with both a Linux and Windows variant – has been targeting Israeli companies since the start of the war late last year. A hospital in Northern Israel was affected by wiper-ware from cyber groups allegedly close to Hezbollah, a Lebanese group with Iranian connections. There have also been instances of attacks from another group called Cyber Toufan.
This kind of malware has seen an uptick since 2022, because of its extensive use in the cyberwarfare front of the Russia-Ukraine conflict. Check Point says that as many as nine forms of wiper-ware might have been used in that conflict in 2022.
Unlike the localised nature of these physical conflicts, their cyber arena extends far and wide. India’s stance on the Israel-Hamas conflict has also seen it become the target of attacks, as it is seen as being sympathetic to Israel.
Last year in July, Albania had been at the receiving end of such attacks, which deleted data and took down several government services. Western nations have since attributed these attacks to Iran, with Albania’s sheltering of members of the prominent Iranian opposition Mujahedeen-e-Khalq, or MEK, seen as the immediate reason for the attack. Tehran has vehemently denied any involvement.
Palestinian companies have been seeing cyberattacks from the Israeli side as well. A Cloudflare report from the initial days of the attack had reported on Palestinian companies, especially those in banking, facing DDoS attacks – a technique where servers are overwhelmed by large amounts of traffic routed to them.
Horowitz leads a threat intelligence team of around 200 people scattered around the world, collecting data from various sources including the dark web, Telegram groups and Check Point’s own data.
Email-led phishing has remained the primary way in which such wiper-ware spreads. Meanwhile Horowitz has also warned companies that there has been a return of an old infection vector – the USB drive. She said that Check Point, over the last year or so, has seen at least three instances of the USB stick being used to spread malware.
One of the most critical things that companies can do to guard against wiper-ware attacks is to regularly back up all data, and to educate and warn employees to be wary of clicking on links as a practice.