Positive Technologies: data-wiping attacks are on the rise

News outlets are experiencing an increase in attacks, with mass media now among the five most targeted sectors. Attacks on websites are also up, and data-wiping malware gains traction to pose a widespread threat.

Positive Technologies found that the number of cyberattacks in Q1 2022 increased by 14.8 percent over Q4 2021. Our analysts also identified new attack techniques, including the use of data-wiping malware.

The overall number of cyberattacks in Q1 2022 rose by 14.8 percent over Q4 2021. Positive Technologies analysts attribute this increase to an overall escalation in cyberspace confrontations. Most attacks were aimed at government agencies, medical institutions, and manufacturers. Mass media became one of the five most targeted sectors, with five percent of all cyberattacks targeted at news outlets.

Throughout Q1 2022, the number of attacks against government agencies almost doubled compared to Q4 2021. Most attacks were designed to disrupt operations and steal confidential information. In the second half of Q1 2022, our analysts observed a surge in attacks on government websites.

Attacks on websites in general accounted for 22 percent of all incidents, up from 13 percent in the previous quarter. The rate of credential compromise and brute-force attacks also increased. Most of these attacks were targeted at corporate websites and social network accounts. Attackers primarily sought to steal confidential information, including personal data (34%) and trade secrets (19%). Medical information (15%) and user credentials (12%) were also in high demand. Attacks against individuals were mostly aimed at stealing login credentials (46%), personal data (19%), and bank card details (21%).

The use of infostealers—spyware designed to steal information, including user credentials—is also on the increase. VPN usernames and passwords, which are sold on dark web forums, are of particular interest to attackers. Spyware accounts for 18 percent of malware used to attack organizations and 38 percent of malware used to attack individuals.

Ekaterina Semykina, Information Security Analyst at Positive Technologies, commented on the emergence of data wipers: "In Q1 2022, we saw an increase in the number of attacks using data-wiping malware. They now account for three percent of attacks on organizations and two percent of attacks on individuals. Among data wipers that emerged in Q1 2022 are WhisperGate, HermeticWiper, IsaacWiper, DoubleZero, and CaddyWiper. It’s curious to note that in some cases data wipers impersonated ransomware attacks. Victims even received ransom notes, but no decryption keys were provided and the data was irrecoverably corrupted. Data wipers are distributed using a variety of methods. For example, HermeticWiper was propagated using a network worm, and DoubleZero was concealed in archives delivered in targeted phishing attacks. In the case of CaddyWiper, attackers usually had access to the target organizations’ networks in advance. To avoid becoming a victim of data wipers, we recommend checking all files in a sandbox and isolating vitally important network segments."