Rise in Data-Wiping Malware Attacks
Experts from Positive Technologies have published a report on the most relevant cyberattacks of the first quarter of 2022. According to their findings, the total number of attacks increased by 14.8% compared to the fourth quarter of 2021, with data-wiping malware (wipers) emerging as one of the most significant threats.
Attack Trends in 2021 and 2022
Analysts attribute the overall increase in attacks to the “escalation of confrontation in cyberspace.” Government and healthcare institutions, as well as industrial organizations, were most frequently targeted. Notably, the media sector has now entered the top five most attacked industries, accounting for 5% of all attacks.
In the first quarter of 2022, the number of attacks targeting government agencies nearly doubled compared to the previous quarter. Hackers primarily aimed to disrupt the core operations of organizations and steal confidential information.
Researchers also observed a surge in attacks on the web resources of various government agencies in the second half of the quarter: the share of such attacks rose to 22%, up from 13% in the previous quarter.
Types of Stolen Information
The report states that attackers mainly sought to steal confidential information, especially personal data (34%) and trade secrets (19%). Medical information (15%) and account credentials (12%) were also popular targets.
In attacks on individuals, stolen data most often included account credentials (46%), personal data (19%), and payment card information (21%).
Spread of Infostealers and Wipers
Recently, cybercriminals have been actively spreading infostealers—spyware designed to steal information, including login credentials. Hackers are particularly interested in credentials for various VPN services, which are later sold on underground forums. Among malware used in attacks on organizations, spyware accounts for 18%, while in attacks on individuals, it makes up 38%.
Positive Technologies experts also noted an increase in the number of wipers—malware that destroys data. “In the first quarter of this year, we observed a rise in attacks using wipers: for organizations, their share was 3%, and for individuals, 2%,” said Ekaterina Semykina, an analyst in Positive Technologies’ research group. “Among the data ‘cleaners’ that became widespread in the first quarter were WhisperGate, HermeticWiper, IsaacWiper, DoubleZero, and CaddyWiper.”
Interestingly, in some cases, this malware imitated ransomware attacks: victims even received ransom messages, but no decryption keys were provided, and the data was irreversibly damaged.
Wipers spread in various ways: for example, HermeticWiper was distributed via a network worm, while DoubleZero was found in archives sent through targeted phishing attacks. In the case of CaddyWiper, attackers typically already had access to compromised organizational networks.