'Wiper' Malware: What You Need to Know
Anti-Virus Expert Outlines Defenses in Wake of Sony Hack
The FBI has reportedly issued an emergency "flash alert" to businesses, warning that it's recently seen a destructive "wiper" malware attack launched against a U.S. business.
Security experts say the FBI alert marks the first time that dangerous "wiper" malware has been used in an attack against a business in the U.S., and many say the warning appears to be tied to the Nov. 24 hack of Sony, by a group calling itself the Guardians of Peace (see Sony Hack: FBI Issues Malware Alert).
Large-scale wiper attacks are quite rare, because most malware attacks are driven by cybercrime, with criminals gunning not to delete data, but rather to quietly steal it, and for as long as possible, says Roel Schouwenberg, a security researcher at anti-virus firm Kaspersky Lab. "Simply wiping all data is a level of escalation from which there is no recovery."
Many Sony hack commentators have focused on the fact that previous wiper attacks have been attributed to North Korea, and that the FBI alert says that some components used in this attack were developed using Korean-language tools.
But Schouwenberg advocates skepticism, saying organizations and IT professionals should focus their energies on risk management (see: Defending Against 'Wiper' Malware). "We are much better off trying to understand the attack better, and maybe use this incident as an opportunity for businesses everywhere to basically re-evaluate their current security strategy, which probably isn't quite tailored to this type of scenario and say: 'Hey, this is where I can improve my posture,'" he says. "So we should be focusing on that technical aspect, rather than on the potential motivations of the attackers."
In this interview with Information Security Media Group, Schouwenberg details:
- The relative ease with which wiper malware attacks can be crafted;
- Steps businesses can take to improve their security defenses against wiper malware;
- The importance of whitelisting applications - meaning that only approved applications are allowed to run on a PC, while all others are blocked.
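The whitelisting point above (only approved applications may run, everything else is blocked) is easiest to see side by side with the signature-style approach it improves on. The following is an added illustration, not code from the article or from Kaspersky Lab: two toy execution policies keyed on SHA-256 hashes, run against constructed byte strings that stand in for executables. The names (`DenylistPolicy`, `AllowlistPolicy`, the sample binaries) are assumptions made for this example.

```python
"""Added example (not from the article): a minimal hash-based application
allowlist contrasted with a denylist, to show why "only approved applications
may run" holds up against a wiper binary that has never been seen before.
All "executables" here are constructed in-memory byte strings, not real files.
"""
import hashlib
from typing import Dict, Iterable


def sha256_hex(data: bytes) -> str:
    """Hash a binary's contents; real products would use a signed catalogue or
    publisher certificate, but a content hash is the simplest exact identifier."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample "executables" (arbitrary bytes standing in for files).
APPROVED_WORD_PROCESSOR = b"MZ\x90\x00approved-word-processor-build-1"
APPROVED_BROWSER = b"MZ\x90\x00approved-browser-build-7"
KNOWN_WIPER_SAMPLE = b"MZ\x90\x00wiper-variant-a"  # previously analysed
NEW_WIPER_VARIANT = b"MZ\x90\x00wiper-variant-b"   # freshly crafted, no signature yet

SAMPLES: Dict[str, bytes] = {
    "word_processor": APPROVED_WORD_PROCESSOR,
    "browser": APPROVED_BROWSER,
    "known_wiper": KNOWN_WIPER_SAMPLE,
    "new_wiper": NEW_WIPER_VARIANT,
}


class DenylistPolicy:
    """Signature-style control: block only hashes already known to be malicious.
    Anything not on the list is allowed to run by default."""

    def __init__(self, bad_hashes: Iterable[str]) -> None:
        self.bad = set(bad_hashes)

    def allows(self, binary: bytes) -> bool:
        return sha256_hex(binary) not in self.bad


class AllowlistPolicy:
    """Application whitelisting: run only hashes explicitly approved.
    Anything not on the list is blocked by default, including binaries that
    have never been seen by any anti-virus vendor."""

    def __init__(self, approved_hashes: Iterable[str]) -> None:
        self.approved = set(approved_hashes)

    def allows(self, binary: bytes) -> bool:
        return sha256_hex(binary) in self.approved


def evaluate(policy, binaries: Dict[str, bytes]) -> Dict[str, bool]:
    """Map each sample name to True if the policy would let it execute."""
    return {name: policy.allows(blob) for name, blob in binaries.items()}


def compare_policies() -> Dict[str, Dict[str, bool]]:
    """Run both policies over the same samples and return the verdicts."""
    denylist = DenylistPolicy([sha256_hex(KNOWN_WIPER_SAMPLE)])
    allowlist = AllowlistPolicy(
        [sha256_hex(APPROVED_WORD_PROCESSOR), sha256_hex(APPROVED_BROWSER)]
    )
    return {
        "denylist": evaluate(denylist, SAMPLES),
        "allowlist": evaluate(allowlist, SAMPLES),
    }


if __name__ == "__main__":
    for policy_name, verdicts in compare_policies().items():
        print(policy_name)
        for sample, allowed in verdicts.items():
            print(f"  {sample:15s} {'ALLOWED' if allowed else 'blocked'}")
```

The denylist misses `new_wiper` because no hash for it exists yet, which is exactly the gap a quickly crafted wiper exploits; the allowlist blocks it without needing to know anything about it. The trade-off is operational: every legitimate update changes a hash, so a hash-only allowlist has to be regenerated on each software change, which is why production controls usually combine hash rules with publisher-certificate rules.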
Schouwenberg is a principal security researcher at Kaspersky Lab, as well as a founding member of the Anti-Malware Testing Standards Organization.