Cybereason Intelligence Group examines the growing trend of destructive attacks

Written By

Sarah Maloney

The latest report issued by the Cybereason Intelligence Group (CIG), Owning the Battlefield, examines the increase in the quantity and specificity of destructive cyber attacks, especially those associated with nation-state actors.

Owning the Battlefield also looks at how this trend has been accompanied by a low degree of sophistication, in the aggregate, of the attack tools. Considering the extent of the damage caused, you'd expect that these attacks were carried out with very sophisticated toolsets. But, aside from Stuxnet and Crash Override/Industroyer, most of the malware used in destructive attacks over the last 35 years consisted of basic techniques such as boot record wipers.

Additionally, the report discusses the government’s policy paralysis and why a substantial policy shift is unlikely. With no ability to dissuade nation state from carrying out destructive attacks, the private sector will ultimately pay price.

Key Takeaways

  • The general trend, especially since 2010, has been that relatively simple, but very capable malware is behind destructive cyber attacks. Even the most recent example, NotPetya, was a relatively simple destructive module that was paired with a fairly sophisticated and hard-to-detect backdoor. Cheap, dirty but effective is all any actor needs to play in this arena.
  • To date, many cyber incidents are still motivated by espionage or criminal activity and don't rise to the level of destructive attacks. However, the increased use of these tools, especially by nation-state actors, is an alarming trend that is unlikely to abate any time soon.
  • There is no incentive for nations to stop this behavior. They can use these attacks to signal displeasure, retaliate for another’s actions, or conduct disruptive, covert operations with impunity. The ability to strike internationally with relative ease combined with a comparative lack of retribution has created an environment where nations will continue to experiment and grow increasingly bold in their attacks.
  • The private sector is most often the victim of these attacks because it is both less secure than government networks and has been largely deemed a “safe” target from a retaliation standpoint.
Sarah Maloney
About the Author

Sarah Maloney

Sarah Maloney is a writer for the Cybereason Blog, covering all things cybersecurity.

Related Posts

Running Robust Managed Detection and Response Services

Running Robust Managed Detection and Response Services

Looking into how the SOC fits into the business in addition to identifying the specific use-cases will help a team define and create an effective operation and service delivery...

THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies

THREAT ALERT: Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies

This threat alert describes an aggressive new attack campaign operated by the Black Basta ransomware group. The fast-moving campaign is targeting U.S. companies, and in many cases, is causing serious damage to their IT infrastructures.

Recent Posts

Cybereason TTP Briefing Q4 2025: Diverse Phishing Tactics and RATs on the Rise
Fake Installer: Ultimately, ValleyRAT infection
Identity & Beyond: 2026 Incident Response Predictions

Categories

All Posts