GUEST BLOG: As wiper threats rise, governments need better coordination, planning, and data sharing
Blog | March 14, 2023
While many other types of threats still exist in the wild, the rise of wiperware – a class of malware that maliciously erases data on the infected device – has sparked special concern among security teams in the public and private sectors.
Fears around the proliferation of threats emerging from the war in Ukraine are becoming a reality, with FortiGuard Labs researchers identifying seven new major wiper variants targeting government, military, and private organizations in the first six months of 2022, almost as many as the total identified since the first iteration observed a decade ago. Fortinet’s analysis shows that adversaries use wiperware attacks for everything from financial gain and sabotage to destruction of evidence and cyberwar.
One prominent wiper example is called CaddyWiper, a variant used to erase data and partition information from drives on systems belonging to a number of Ukrainian organizations soon after the war began. HermeticWiper – a tool for triggering boot failures that IT security firm SentinelLabs found being used in similar attacks – is another recent variant.
The threat has also moved beyond Ukraine’s borders with the use of disk-wiping malware detected in 24 additional countries. AcidRain, a wiper used to target a Ukrainian satellite broadband service provider, also ended up being used in an attack that knocked nearly 6,000 wind turbines offline in Germany. And of course, NotPetya, which many believe was wiper malware thinly disguised as botched ransomware, was initially launched in Ukraine in 2017 but rapidly spread worldwide and caused an estimated $10 billion in damage.
Preparing integrated responses across international governments as well as within federal agencies will become increasingly important as these sophisticated and damaging attacks become more prevalent. Collaboration in planning, preparation, detection, and response for wiper attacks will be critical to fending off attacks that could bleed not just into neighboring countries but also across continents and critical infrastructure sectors.
This is already happening in some situations. Ukraine understands how important coordination with surrounding countries will be not only in its fight against Russia, but also against any malicious cyber actors looking to take advantage of an already tenuous situation. The country recently signed a memorandum of cooperation with Poland as a way to stave off incoming cyberattacks. The agreement aims to both strengthen the joint fight against cybercrimes and share experiences and detailed information about cyber incidents more quickly and effectively.
Mykhailo Fedorov, Ukraine’s vice prime minister and minister of digital transformation, put a finer point on the situation: “The first world cyberwar is ongoing. Therefore, joining efforts and exchanging practices is a logical step in this area. With Poland, we have not only a common physical border but also a joint problem in cyberspace, where we experience the same kind of attacks.”
In mid-August 2022, the U.S. and Mexico announced that a cyber issues working group had convened its first bilateral cyber dialogue. The meeting’s stated mission was to advance bilateral cooperation on cyber issues to create “an open, interoperable, secure and reliable Internet and a stable cyberspace.”
The agreement includes measures to enhance technical coordination in the event of cyber incidents involving national and shared critical information infrastructures, facilitate the exchange of cyber threat intelligence data, and continue bilateral training programs for state and federal agencies in both countries.
Measures like the two outlined above are a good start in coordinating efforts, but the private sector has a big role to play as well. Governments can’t see or stop all attacks on their own, nor can they innovate to meet newer, more effective attacks at the speed and in the way that private cybersecurity companies can.
On the flip side, the private sector benefits greatly from government resources, research, and threat intelligence.
The wiper threat is real and only surmountable if governments and industry work together. Cooperation and coordination will be key, as they often are, when talking about the future of cybersecurity. Organizations from both the public and private sectors can harness their unique skill sets to assemble a team that addresses all facets of the evolving threat landscape.
Jim Richberg is the public sector field chief information security officer for Fortinet. Prior to joining Fortinet in 2019, he served as the National Intelligence manager for cyber, the senior federal executive focused on cyber intelligence within the $80B+/100,000 employee U.S. intelligence community (IC). He led creation and implementation of cyber strategy for the 17 departments and agencies of the IC, set integrated priorities on cyber threat, and served as senior advisor to the Director of National Intelligence (DNI) on cyber issues. Mr. Richberg’s broad operational experience – including his 20 years at CIA – gives him practical insight into difficult cyber problems ranging from advanced threat capabilities to supply-chain integrity and election security. He has extensive experience engaging with audiences ranging from heads of state and CEOs to analysts and IT staff. He brings a strong focus on strategic problem solving and on framing complex problems in comprehensible terms that facilitate analysis and formulation of solutions.