Cisco Warns New DeOS Attacks Could Aim To Destroy Computer Systems, Files
For businesses and organizations hit by the massive, global cyberattacks in the past two months, there likely is no reprieve coming in the near future. Cisco is warning that a new breed of “destruction of service” (DeOS) attacks could be on the way.
In its Midyear Cybersecurity Report, the international information technology company said the recent WannaCry ransomware attack in May and the Petya attack in June could just be the start of attacks in which the attackers don’t aim to just disrupt but destroy.
Read: What Is Petya? Ransomware Attack Hits Computer Systems Across The Globe
Petya —also referred to as NotPetya, as the attack took inspiration from Petya ransomware but is not of the same family of malware—in particular could be an example of what future attacks may consist of.
While Petya presented itself as a ransomware attack—similar to WannaCry, which had hit hundreds of thousands of machines just one month earlier—it was actually a “wiper,” or an attack that aims to destroy files and systems.
Petya caught businesses and organizations by surprise when it started spreading in June, although it used in part the same propagation method that WannaCry used. The attack initially hit a tax software company in Ukraine and spread through its supply chain to companies that used its accounting products.
The attack would overwrite a victim’s Master Boot Record, leaving them with no means of recovering their files. In some cases, like with FedEx subsidiary company TNT Express, the attack disrupted operations and caused significant financial harm.
Read: IoT Security: Nearly Half Of Businesses Experience Breaches Because Of Internet Of Things
Cisco’s report suggested that attacks like Petya are likely to increase, especially given its success. The company also said such attacks may also target weak points of a company’s infrastructure, including Internet of Things devices.
“What we can be sure of is that the emerging Internet of Things (IoT), and its myriad devices and systems with security weaknesses ripe for exploitation, will play a central role in enabling these campaigns of escalating impact,” the report said. “The IoT is a bold new frontier for attackers and defenders in their arms race.”
IoT devices have notoriously been lax when it comes to security—especially devices that are consumer facing. However, enterprise IoT devices used throughout the a company’s operations can also carry risks. A recent survey conducted by strategy consulting firm Altman Vilandrie and Company found half of all companies in the United States that use an Internet of Things (IoT) network have been affected by a security breach that has hurt annual revenue.
While Cisco’s report raises new concerns for businesses, organizations and government agencies who may be caught in the crossfire of destructive attacks, the news isn’t entirely bad. The report also revealed time-to-threat detection in cyberattacks had dropped from 39 hours in November 2015 to just 3.5 hours during the first quarter of 2017.
© Copyright IBTimes 2024. All rights reserved.