Most people are familiar with the most popular types of cybercrime. Nearly everyone has heard the terms “computer virus”, “trojan horse”, and “malware”, but not everyone is familiar with the “wiper attack”, also referred to as “wiper malware”.
The wiper attack is one of the most insidious types of malware because there is often no financial reward for the hacker, although sometimes hackers use wipers to cover their tracks after stealing valuable data. In other cases, the attackers are generally motivated by spite or hatred towards the target.
What is a Wiper Attack?
Although the wiper is historically one of the least common types of cybercrime, it is still something of which businesses and cybersecurity experts should be aware. Wipers are also growing in popularity, with more attacks than ever being reported within the last few years.
A wiper attack involves a hacker gaining access to a computer system and deleting files with the intent of making the server unusable. Generally, the first target is either the Master Boot Record (MBR) or, for NTFS-formatted drives, the Master File Table (MFT). If these are missing or corrupted, the system won’t be able to start up.
Unlike ransomware, which prevents the target from accessing their files until a payment is made, a wiper aims to delete the data from the drive entirely. After the MBR or MFT is deleted, the rest of the data is typically overwritten with small files, usually 64 kilobytes in size, that contain random and meaningless data.
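As an added illustration (not code from the original article), the Python example below performs a read-only health check on a 512-byte MBR sector: it verifies the 0x55AA boot signature, looks for usable partition entries, and compares the sector's SHA-256 hash with a baseline recorded while the system was healthy. The function names and the sample sector are constructed for this example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"      # final two bytes of a valid MBR
PARTITION_TABLE_OFFSET = 446      # four 16-byte entries follow the boot code
ENTRY_FORMAT = "<B3xB3xII"        # status, CHS, type, CHS, start LBA, sector count


def sector_sha256(sector):
    """Hash to record while the system is known to be healthy."""
    return hashlib.sha256(sector).hexdigest()


def inspect_mbr(sector, baseline_sha256=None):
    """Return a list of findings for one MBR sector; an empty list means healthy."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    usable = 0
    for i in range(4):
        offset = PARTITION_TABLE_OFFSET + 16 * i
        status, ptype, _start, count = struct.unpack_from(ENTRY_FORMAT, sector, offset)
        if status in (0x00, 0x80) and ptype != 0 and count > 0:
            usable += 1
    if usable == 0:
        findings.append("no usable partition entries")
    if baseline_sha256 and sector_sha256(sector) != baseline_sha256:
        findings.append("sector differs from recorded baseline")
    return findings


def build_sample_mbr():
    """Constructed sample: empty boot code, one active NTFS-type (0x07) partition."""
    entry = struct.pack(ENTRY_FORMAT, 0x80, 0x07, 2048, 204800)
    return bytes(PARTITION_TABLE_OFFSET) + entry + bytes(48) + BOOT_SIGNATURE


if __name__ == "__main__":
    healthy = build_sample_mbr()
    baseline = sector_sha256(healthy)
    print("healthy:", inspect_mbr(healthy, baseline))
    print("zeroed: ", inspect_mbr(bytes(SECTOR_SIZE), baseline))
```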
Preventing Wiper Attacks
One of the best ways to prevent a wiper attack is to have the right security in place beforehand, so that hackers cannot enter the system in the first place. There is generally no warning, and once the boot files have been eliminated, it’s likely already too late.
In addition to standard cybersecurity measures, an AI-based security system can detect patterns for things like attempted logins faster than humans, which can be particularly useful if the hacker is attempting to brute-force the system. Brute-forcing is a technique where a computer program guesses every single possible combination of letters, numbers, and special characters to figure out the correct password.
Cybersecurity Expert Hari Ravichandran has spoken many times about the usefulness of AI in preventing cybercrimes. He points out that while AI can be used to hack systems and create dangerous program code, it is also important to note the benefits that an AI-based security system can offer.
The Importance of Backups
The most important tool in fighting a wiper attack is making sure that all files are backed up regularly onto an external drive. That drive should be unplugged immediately after the files have been transferred, as hackers will be able to access any external drive plugged into the machine they’ve accessed or any network drives it can view.
If the backup system is cloud-based, meaning the files are stored remotely online, it’s important to make sure that the password for the backup is different from the one used to access the data on the server. If the hacker has figured out one password, there’s a good chance they can figure out the rest.
With a proper backup stored offline, the only real loss will be time. Specifically, the time it takes to restore the files to their proper locations and the downtime that will be suffered while the transfer takes place.
Wiper attacks have actually been around for several years, with one of the first known uses being the Sony hacks of 2012. Unlike standard wipers that are only intended to delete data, the hackers copied many files first, which resulted in many emails and other internal communications being leaked.
More recently, hackers have used wipers on targets in Ukraine, specifically government websites, banks, and other important pieces of infrastructure. These attacks were strictly intended to disrupt day-to-day operations, with the hackers receiving no financial gain.
Although wiper attacks aren’t as popular with hackers as other types of cybercrime, they are growing in popularity and could become more common as time goes on. The best defense is a strong firewall and hard-to-guess passwords that will prevent hackers from accessing the system in the first place.
Once the attack has started, it may not be possible to stop it. However, with regular backups stored physically, the data can easily be replaced with a little time and effort.