RESEARCH TRIANGLE PARK – Destructive malware attacks on companies have now become a tool used by cybercriminals, not just nation states, and the number of such incidents has surged 200 percent in just six months, says IBM’s X-Force IRIS. And the tech first responders have recommendations on what companies of all sizes should do to improve their networks.

“In the past, destructive malware was primarily used by sophisticated nation-state actors, but new analysis from X-Force’s incident response data has found that these attacks are now becoming more popular among cybercriminal attackers, with ransomware attacks including wiper elements to increase the pressure on victims to pay the ransom,” says IBM analyst Camille Singleton.

“Wiper elements” make such attacks especially dangerous.

“What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network,” wrote the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in June.

The latest report follows news last month that the average cost of a data breach is now more than $8 million, according to IBM.

X-Force says companies regardless of size need to be prepared.

“The evolving trend of destructive malware attacks also means that organizations of all shapes and sizes may find themselves a target in the near future — and must prepare accordingly,” Singleton wrote.

So what can companies do to cut down on the risks of a malware attack? Here are seven suggestions from X-Force:

  1. Test your response plan under pressure. Use of a well-tailored tabletop exercise and a cyber range can ensure that your organization is ready at both tactical and strategic levels for a destructive malware attack.
  2. Use threat intelligence to understand the threat to your organization. Each threat actor has different motivations, capabilities and intentions, and threat intelligence can use this information to increase the efficacy of an organization’s response to an incident.
  3. Engage in effective defense in depth. Incorporate multiple layers of security controls across the entire Cyberattack Preparation and Execution Framework.
  4. Implement multifactor authentication (MFA) throughout the environment. The cost-benefit of MFA is tough to overstate, providing significant cybersecurity benefit in reducing the value of stolen or guessed passwords dramatically.
  5. Have backups, test backups and offline backups. Organizations should store backups apart from their primary network and only allow read, not write, access to the backups.
  6. Consider an action plan for a quick, temporary business functionality. Organizations that have been able to restore even some business operations following a destructive attack have fared better than their counterparts.
  7. Create a baseline for internal network activity and monitor for changes that could indicate lateral movement.

Read the full report online.