Now you see it, now you don't: wipers in the wild
WWW.VIRUSBULLETIN.COM/CONFERENCE
NOW YOU SEE IT, NOW YOU
DON’T: WIPERS IN THE WILD
Saher Naumaan
BAE Systems Applied Intelligence, UK
ABSTRACT
Wipers are an APT’s new best friend. Traditionally, it is rare for
destructive malware to appear in cyber espionage, and it
generally runs counter to the conventional interests of an
Advanced Persistent Threat (APT) – such as intelligence
collection, persistence and covert access. But wiper malware is
now appearing more often, emerging in APT toolkits, and was
seen in at least four attacks in 2017 following only a handful of
instances in the previous decade.
Does this mean the motivations of state actors are changing? We
have seen APTs deviate from espionage and branch into
criminal operations such as bank heists and the sabotage of
critical infrastructure and industrial control systems. From the
debilitating WannaCry to the sophisticated false flag Olympic
Destroyer, the heightened deployment of wipers suggests there
has been an evolution in attacker behaviour.
This paper examines three different classifications of wipers
through examples of various politically targeted attacks:
espionage (in …