
Malware’s Destruction Trajectory and How to Defeat It

Malware and targeted attacks on operating systems and firmware have become increasingly destructive in nature, and these more nefarious attack methods are rising in prevalence. And just to add insult to injury, there are more of them. Today’s attacks are hitting more often, and they are hitting harder.

In the first three decades of its existence, malware was primarily restricted to mischief and attempts by virus creators to discover if their creations would work. But now the threat landscape has changed from simple vandalism to lucrative cybercrime and state-sponsored attacks.

Wiper malware, in particular, has gained traction in recent months; our FortiGuard Labs research team has seen at least seven different malware attacks targeting Ukrainian infrastructure or Ukrainian companies so far this year. The primary reason for using wiper malware is its sheer destructiveness: the intent is to cripple infrastructure, not to extort a payment. What does the increased presence of wiper strains indicate? And what do security leaders need to know and do to keep their organization safe?

More malicious malware – Wiper malware takes hold 

Wiper malware renders a machine unusable by destroying its data outright rather than encrypting it for ransom, and researchers are spotting more and more incidents of its use, particularly since the start of the war in Ukraine. One such example is DoubleZero, which has reportedly targeted Ukrainian enterprises, though it has yet to be spotted outside that country.

LokiLocker ransomware is another variant that researchers have seen, and it blurs the line between ransomware and wiper. If the victim does not pay the ransom, it targets the Windows OS directly, deleting all non-system files and overwriting the Master Boot Record (MBR), which leaves the compromised machine unable to boot.

These malware strains differ in sophistication. Some only overwrite the master boot record, which is comparatively easy to recover from: the file systems behind it are untouched, so the boot code can be rewritten and the partition table rebuilt from them. Other strains go further and wipe entire partitions, which destroys the data itself, and then hunt for backups, including on-host shadow copies and backup catalogs, and wipe those out too. That is considerably worse, because it removes the very thing recovery depends on.
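To make that escalation concrete from the defender's side, here is an added example of detection logic (not code from the original article or from FortiGuard Labs). It reads a constructed, simplified key=value log format (an assumption for the example, not Sysmon or any vendor's schema), flags the commands that destroy recovery data, flags raw writes to the first sector of a physical disk, and correlates the two on one host into a wiper-sequence alert. The host names, timestamps, process IDs and command lines in SAMPLE_LOG are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed, simplified log format (assumed for this example, not Sysmon or any vendor format):
# one event per line, space-separated key=value pairs; values containing spaces are double-quoted.
SAMPLE_LOG = r'''
ts=2023-02-01T10:00:01Z host=ws01 pid=4120 event=process_create image="C:\Windows\System32\cmd.exe" cmdline="cmd.exe /c dir"
ts=2023-02-01T10:00:05Z host=ws01 pid=4188 event=process_create image="C:\Windows\System32\vssadmin.exe" cmdline="vssadmin.exe delete shadows /all /quiet"
ts=2023-02-01T10:00:06Z host=ws01 pid=4190 event=process_create image="C:\Windows\System32\wbadmin.exe" cmdline="wbadmin delete catalog -quiet"
ts=2023-02-01T10:00:07Z host=ws01 pid=4192 event=process_create image="C:\Windows\System32\bcdedit.exe" cmdline="bcdedit /set {default} recoveryenabled no"
ts=2023-02-01T10:00:09Z host=ws01 pid=4200 event=raw_write device="\\.\PhysicalDrive0" offset=0 length=512
ts=2023-02-01T10:00:10Z host=ws02 pid=800 event=process_create image="C:\Windows\System32\vssadmin.exe" cmdline="vssadmin list shadows"
ts=2023-02-01T10:00:12Z host=ws02 pid=812 event=raw_write device="\\.\PhysicalDrive0" offset=1048576 length=4096
'''

# key=value, where the value is either "quoted with spaces" or a bare token
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Command lines that destroy recovery data (MITRE ATT&CK T1490, Inhibit System Recovery).
# Only the destructive forms are listed; "vssadmin list shadows" is routine and must not match.
BACKUP_DESTRUCTION = [
    re.compile(r'vssadmin(\.exe)?\s+delete\s+shadows', re.I),
    re.compile(r'wmic(\.exe)?\s+shadowcopy\s+delete', re.I),
    re.compile(r'wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup|backup)', re.I),
    re.compile(r'bcdedit(\.exe)?\s+.*recoveryenabled\s+no', re.I),
]

MBR_SIZE = 512  # the boot record is the first sector of the disk


def parse_line(line):
    """Parse one constructed key=value log line into a dict."""
    fields = {}
    for key, quoted, bare in KV_RE.findall(line):
        fields[key] = quoted if quoted else bare
    return fields


def classify(event):
    """Return the name of the rule a single event trips, or None if it is benign."""
    kind = event.get('event')
    if kind == 'process_create':
        cmd = event.get('cmdline', '')
        if any(pattern.search(cmd) for pattern in BACKUP_DESTRUCTION):
            return 'backup_destruction'
    elif kind == 'raw_write' and 'PhysicalDrive' in event.get('device', ''):
        # A write that lands inside sector zero clobbers boot code and partition table.
        if int(event.get('offset', '0')) < MBR_SIZE:
            return 'boot_record_overwrite'
        return 'raw_disk_write'  # lower severity: block-level write elsewhere on the disk
    return None


def detect(log_text):
    """Return {host: [(ts, rule, detail), ...]}, adding a correlated 'wiper_sequence'
    finding when a host destroys its backups and then overwrites its boot record."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        rule = classify(ev)
        if rule:
            detail = ev.get('cmdline') or f"{ev.get('device')}@{ev.get('offset')}"
            findings[ev['host']].append((ev['ts'], rule, detail))

    # Per-host correlation: backup destruction followed by a sector-zero write is the wiper ordering.
    for hits in findings.values():
        rules = [r for _, r, _ in hits]
        if 'backup_destruction' in rules and 'boot_record_overwrite' in rules:
            first_bd = next(t for t, r, _ in hits if r == 'backup_destruction')
            first_bo = next(t for t, r, _ in hits if r == 'boot_record_overwrite')
            if first_bd <= first_bo:  # ISO-8601 UTC timestamps compare correctly as strings
                hits.append((first_bo, 'wiper_sequence',
                             'backup destruction followed by boot record overwrite'))
    return dict(findings)


if __name__ == '__main__':
    for host, hits in detect(SAMPLE_LOG).items():
        for ts, rule, detail in hits:
            print(f"{host} {ts} {rule}: {detail}")
```

The point of the example is the correlation step. A shadow-copy deletion on its own is noisy, because backup software and administrators run it legitimately; a write to sector zero on its own is rare but can come from disk tooling. Backup destruction followed by a boot-record overwrite on the same host is the ordering a wiper produces, and that combination is worth an immediate page rather than a ticket.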

And then there are the wiper attacks that target firmware, which effectively turn the machine or device into a paperweight: because the damage sits below the operating system, reinstalling the OS does not bring the device back, and it has to be reflashed or replaced. This is a topic we have been discussing for several years, but it has only recently started showing up in the wild.

Another consideration is BrickerBot, malware that renders IoT devices inoperable so that they can no longer connect to the internet. The goal is to destroy the network rather than merely disrupt it to extract a ransom. A historical example is the Hajime IoT worm, which can download BrickerBot and can also identify customer premises equipment (CPE) devices and their protocols and then remove the rules that allow a CPE device to talk to its service provider. For service providers, that means millions of devices could all go dark simultaneously, with no way to see, control or manage them.

What cybersecurity requires today

Prevention and recognition are especially challenging for security operations center (SOC) teams because the initial infection vectors for the latest malware are often unknown when it is first seen. When adversaries evolve as quickly as security teams do, it can feel impossible to keep up, which is why businesses must keep evolving and learning. With new threats and vulnerabilities for attackers to exploit, SOC teams need clear visibility into their networks and security controls that work together rather than in isolation.

To defend the network from this wide range of threats, enterprises need to use AI-powered prevention, detection and response strategies based on an integrated cybersecurity architecture. This will enable tighter integration and increased automation, as well as a more coordinated, effective and rapid response to threats across the extended network.

Enterprises also need to ensure all members of the organization are trained in proper security protocol. Now that anyone can be attacked, cybersecurity is everyone’s job. Make cyber hygiene training part of the employee onboarding program and provide ongoing updates to that training so all employees are apprised of the latest threats.

It is also essential to provide full coverage for IoT devices within the network. These devices expand the attack surface, dramatically so in remote and hybrid work scenarios, and introduce entry points into the network that must be inventoried, hardened and monitored. Because staff cannot watch every entry point by hand, security teams need AI-backed tooling that keeps visibility high and helps them respond to threats faster.

More than one step ahead

There is more malware than ever, it is more destructive than ever and the stakes keep rising. Whether for political reasons or for profit, attackers are cranking up the threat level. It is a matter of business life and death to defend against threats like wiper malware, whose intent is nothing less than to destroy devices and the infrastructure supporting your organization. Defeating attacks of this type requires an integrated security approach that gives the SOC team and its AI-based tooling complete visibility. And of course, standard cyber hygiene rules still apply, as does consistent staff training. You can defeat these serious threats, but it takes a well-considered and comprehensive strategy to do so.

Related: U.S. Gov Issues Stark Warning, Calling Firmware Security a ‘Single Point of Failure’

Written By

Derek Manky is Chief Security Strategist & VP Global Threat Intelligence at FortiGuard Labs. Derek formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal is to make a positive impact in the global war on cybercrime. Manky provides thought leadership to industry, and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work includes meetings with leading political figures and key policy stakeholders, including law enforcement. He is actively involved with several global threat intelligence initiatives including NATO NICP, INTERPOL Expert Working Group, the Cyber Threat Alliance (CTA) working committee and FIRST, all in an effort to shape the future of actionable threat intelligence and proactive security strategy.
