Scorched Earth: Wiper Attacks are the New Face of Cyber War

Chris Clements, VP of Solutions Consulting

Key Takeaways
  • Destruction Over Dollars: Unlike ransomware, wiper attacks eliminate the possibility of negotiation, as the primary goal is operational paralysis and psychological impact, not financial gain.
  • The Asymmetry of Cyber Warfare: Nation-state cyber-attacks offer a cheap, highly distributed, and low-risk alternative to kinetic warfare, allowing autonomous cells to execute predefined playbooks without centralized communication.
  • Zero-Days on the Frontline: In an active cyber war, the “gloves come off.” Threat actors are far more willing to expose and burn their most advanced, expensive tooling and exploits to inflict maximum immediate damage on their adversaries and their supply chains.

Wiper Attacks: When Extortion Isn’t the Goal

There are few things scarier than being threatened with extortion in a ransomware attack, except, of course, not being threatened with an extortion demand in a wiper attack.  The dreaded sinking feeling that no amount of money will get the data back sets in, because it was never about the money.

The Stryker Incident and Rising Geopolitical Cyber Risk

This week, a suspected Iranian-linked threat actor known as Handala claimed responsibility for the cyber-attack on medtech giant Stryker that took company offices down and wiped employee devices. This attack underscores the reality of technology infrastructure being a very real target during armed conflicts, and I fear we will see many more such incidents in the near future.

Why Cyberwarfare Is Cheap, Low-Risk, and Highly Effective

Compared to kinetic warfare operations, cyberattacks are both cheap and pose little to no risk to the attackers. Personnel involved in launching the attacks can be widely distributed and, by operating autonomously from a predefined playbook, avoid disruption from Internet outages or communication breakdowns with their leadership.

Advanced Capabilities and “Gloves-Off” Tactics

Acts of cyberwar can also be far more effective than run-of-the-mill cybercrime and ransomware, as the attackers are likely to be well funded and have access to advanced tooling and exploits, including zero-day vulnerabilities. Further, in cyberwar, “the gloves are off,” with attackers being willing to “burn” or expose tooling, techniques, and exploits that they would normally go to great pains to conceal during typical espionage or sabotage campaigns.

Escalation Risks and Expanding Targets

There’s also increased risk if one of the regimes involved in the conflict feels it is at existential risk and starts lashing out at any and all adversary-affiliated targets it can. Sure, they would vastly prefer targeting organizations in the opponent’s supply chain (which is why new requirements like CMMC are absolutely crucial), but every organization that is affiliated with or operates in the adversary’s territory becomes a target no matter how large or small. Taking down Stryker may have no immediate effect on the conflict, but then, that’s not the point anymore, is it?

Why Flying Under the Radar No Longer Works

Hoping to fly under the radar is no longer a viable defense. Surviving well-funded, scorched-earth tactics requires more than buying the cybersecurity product you saw on a billboard at the airport. It requires an in-depth defensive strategy including layers of protective tooling, proactive system and application hardening, 24/7 monitoring and response, validating the environment with ethical hacking and penetration testing, and immutable backups in case the worst occurs.

Building True Resilience

A few organizations have the budget for the personnel and tooling to do this effectively, but for everyone else, partnering with professionals provides access to top-tier security. If you need help with any of these, or with achieving rigorous compliance standards like CMMC, contact CISO Global for genuine, battle-tested resilience that’s baked into your infrastructure before the gloves come off.