Gartner raised the alarm on killware in July 2021, stating that while OT (Operational Technology) environments are usually targeted in ransomware attacks, the OT is no longer the objective of attacks, but the means to cause harm and even death to humans.
The same Gartner blog added that, by 2025, “operational technology environments will have been weaponized to successfully harm or kill humans.”
In an interview with USA Today, Secretary Alejandro Mayorkas of the U.S. Department of Homeland Security (DHS) declared that killware is the “next breakout cybersecurity threat.”
What is Killware?
Security Boulevard presents one of the most succinct definitions of killware: Killware is “an overarching term that covers a wide variety of cyberattack types that target the real-life health of victims.” It is “defined by its end result, and can include any number of methods, including malware and ransomware.”
Consequently, we can expect killware criminals to target organizations and services that impact human lives including, but not limited to, healthcare organizations, water supplies, electric grids, emergency response services, oil and gas supplies, and telecommunications services.
The good news (if you can call it that) is that killware attacks are rare so far, but we have already been given previews of what’s at stake in such attacks.
Three Real-Life Killware Incidents
You may want to get some tissues for the first two. I’ll wait.
The first incident is heartbreaking — a newborn suffered injuries because monitoring equipment used at Springhill Medical Center (in Mobile, Alabama) was under a ransomware attack. The baby did not recover from the injuries and died nine months later.
In the second no less tragic incident, a German woman died of an aortic aneurysm on her way to another hospital when the hospital nearest to her turned her away because they were being held hostage by ransomware.
She suffered severe complications on the way to the alternate hospital and could not be revived despite the best efforts of the paramedics.
While the above cases were caused by ransomware that inadvertently became killware, the next case was a deliberate attack to cause death and mayhem.
In early 2021, cybercriminals purposefully breached a water treatment facility in Oldsmar, Florida, and boosted the level of sodium hydroxide in the water to more than 100 times the recommended safety limit, a concentration that would cause death if ingested.
Fortunately, an alert operator noticed the unusual levels and quickly lowered the levels of sodium hydroxide in the water. If the breach had not been discovered and remedied, I can scarcely bear to imagine the carnage that would be wrought upon 15,000 men, women, and children in the city!
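The Oldsmar breach was caught because a human noticed an implausible setpoint. The following is an added example (not from the original article or any named vendor) of the same guardrail automated: it parses constructed HMI audit-log lines of setpoint writes and raises an alert when a write exceeds an assumed engineering ceiling or jumps by more than an assumed step factor. The log format, tag name, limits and values are all hypothetical; the 100 to 11,100 jump mirrors the "more than 100 times" ratio in the text.

```python
"""Setpoint guardrail check over constructed dosing-write audit lines."""
import re
from dataclasses import dataclass
from typing import List

# Constructed audit-log lines in a hypothetical format:
# <timestamp> <user> <tag> <old value> -> <new value>   (values in ppm)
SAMPLE_LOG = """\
2021-02-05T13:02:11 operator1 NaOH_SETPOINT 100 -> 105
2021-02-05T13:30:45 remote_session NaOH_SETPOINT 105 -> 11100
2021-02-05T13:33:02 operator1 NaOH_SETPOINT 11100 -> 100
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<tag>\S+) "
    r"(?P<old>\d+(?:\.\d+)?) -> (?P<new>\d+(?:\.\d+)?)$"
)

# Assumed per-tag engineering limits: an absolute ceiling and the largest
# multiplicative change tolerated in a single write.
LIMITS = {"NaOH_SETPOINT": {"max_ppm": 500.0, "max_step_factor": 2.0}}


@dataclass
class Alert:
    ts: str
    user: str
    tag: str
    new: float
    reason: str


def check_setpoint_writes(log_text: str, limits=LIMITS) -> List[Alert]:
    """Return one Alert per setpoint write that breaches the tag's ceiling
    or grows by more than max_step_factor relative to the previous value."""
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["tag"] not in limits:
            continue  # not a setpoint write for a guarded tag
        old, new = float(m["old"]), float(m["new"])
        lim = limits[m["tag"]]
        if new > lim["max_ppm"]:
            alerts.append(Alert(m["ts"], m["user"], m["tag"], new,
                                f"exceeds ceiling {lim['max_ppm']} ppm"))
        elif old > 0 and new / old > lim["max_step_factor"]:
            alerts.append(Alert(m["ts"], m["user"], m["tag"], new,
                                f"step change x{new / old:.1f} exceeds x{lim['max_step_factor']}"))
    return alerts


if __name__ == "__main__":
    for a in check_setpoint_writes(SAMPLE_LOG):
        print(f"{a.ts} {a.user} {a.tag}={a.new}: {a.reason}")
```

In a real plant the ceiling belongs in the PLC or safety instrumented system as well, since a log-based check only alerts after the write has already landed.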
The Future Of Killware
Wars used to involve only men, women, and weapons of war, but Russia’s invasion of Ukraine in 2022 is showing us that a new front has opened in cyberspace.
Daily news shines a spotlight on cyber attacks by pro-Russia and pro-Ukraine factions launching attacks against each other’s critical infrastructure, military installations, websites, and even civilian facilities.
In fact, the invasion of Ukraine started long before Russian boots were on the ground, according to Ukrainian reporter Daryna Antoniuk.
So far, the Russians have succeeded in launching a wiper cyber-attack slowing down refugee crossings at the Ukrainian border, penetrating critical Ukrainian computer systems, and causing Internet blackouts in Ukrainian cities.
The Ukrainians aren’t having any of this, of course. They are fighting back with calls on their hacker underground to defend against Russia, and have hacking collectives like Anonymous declaring cyberwar against Russia on their behalf.
Threat actors and hacker groups have also become casualties in the conflict.
A member of Conti, a notorious Russian Ransomware-as-a-Service (RaaS) group, leaked the group’s chat logs and the identities of group members after its leaders publicly announced their support for Russia.
Further leaks since then have revealed all of the group’s source code and backdoors. These leaks may take down the entire group, their affiliates, and associates (hoorah!).
We won’t know the full impact that these cyber attacks have on the conflict until the war is over, but one thing is certain: some of these attacks will inadvertently cause losses in human lives, turning whatever malware was used into killware.
Two things are clear at this point, though:
- Wars will not be confined to geopolitical borders from here on — cyberattacks can target either party in a conflict from third parties that are not directly involved in the war.
- Victory or defeat on battlefields may, in the future, be predicated on the success or failure of cyberattacks.
Do you know what’s more frightening, but which has yet to be reported in the current conflict?
Cyber attacks that take control of weapons of war, as in the instance where a 19-year-old security researcher hacked into and took control of more than 25 Teslas.
Now imagine an enemy taking over your military equipment and turning them into insider threats that attack your own troops in the midst of a gruesome battle!
What Can You Do?
Killware, though deadly, is basically just ransomware and malware, and should be treated as such.
The only difference between killware and ransomware is that the former is designed to harm human lives, while the purpose of the latter is for monetary gain and to inflict financial and reputation damages on organizations.
While you do not need to apply additional measures against killware, you should continue to ensure that you maintain good cybersecurity hygiene and take a holistic approach to securing your organization’s infrastructure and data:
- Gain visibility of cloud assets and automate scans for threats and vulnerabilities with Cloud Security Posture Management (CSPM) tools that also offer quick and appropriate vulnerability remediation options
- Attain compliance with industry and local compliance standards that help you implement guardrails for your sensitive data
- Conduct user training to thwart phishing attempts
- Ensure the right permissions are given to the appropriate personnel with IAM (Identity and Access Management) and enhance the behavioral analysis of users using tools such as UEBA (User and Entity Behavior Analytics)
- Have or engage a dedicated threat hunting team to suss out and eradicate hidden threats within your network
- Augment security measures with regular penetration tests, ransomware defense assessments, compromise assessments, and spear-phishing campaigns
Ultimately, It’s About Good Hygiene
The recommended measures are by no means exhaustive but serve as a guide for attaining good cybersecurity hygiene.
If there’s one thing that’s as certain as death and taxes this year, it’s that there will be an increase in attacks and new types of attacks, such as the return of wiper malware (seen in recent attacks on Ukrainian government websites), which are “ticking time bombs” that are timed to “explode” and destroy data and hardware.
If you are looking to bolster your cybersecurity defenses, we can help. Drop us a note, and let’s start the conversation.