Cisco has warned that the recent Petya/NotPetya and WannaCry campaigns could foreshadow a dangerous new breed of “destruction of service” (DeOS) attacks.
Like the ‘Petya’ campaign which seems to have been primarily aimed at crippling organizations in Ukraine, these new DeOS attacks will look to make it impossible for victims to restore affected systems once infected.
In the case of ‘Petya’, the attack was crafted to overwrite the victim machine’s Master Boot Record, with no means of recovery.
Cisco claimed, in its Midyear Cybersecurity Report, that the exact make-up of these DeOS attacks will depend on the motivations of the hackers involved “and the limits of their creativity and capabilities.”
It also argued that the IoT would play a major role:
“What we can be sure of is that the emerging Internet of Things (IoT), and its myriad devices and systems with security weaknesses ripe for exploitation, will play a central role in enabling these campaigns of escalating impact. The IoT is a bold new frontier for attackers and defenders in their arms race.”
On the positive side, the report also revealed that Cisco has reduced its time-to-threat-detection from a median of 39 hours in November 2015 to just 3.5 hours for the period November 2016 to May 2017.
Fujitsu EMEIA head of enterprise and cybersecurity, Rob Norris, argued that the typical financial and reputational impact of cyber-incidents pale in comparison to those resulting from destructive attacks.
“Engagement must start from the top: the C-suite must understand the risks, ensure their organization is well prepared and develop a comprehensive plan. Time must also be taken to actively test existing networks, spot and quickly address any blind spots in the system and educate the entire workforce on best practice,” he explained.
“As technology such as Internet of Things, artificial intelligence and big data becomes integral to business operations, all staff will have to remain prepared for the increasing potential of cyber-attacks. Cyber-criminals are becoming smarter and naivety is no longer an option in a world where cyber threats could potentially halt your business in its tracks.”