While most malware is deployed to steal privileged information or extort money from victims, Killware poses a much greater threat. Killware is a blanket term for any number of cyberattacks that are targeted at killing or damaging the real-life health of targets and defined by its result. These attacks could take place on any scale, either against one victim or a larger population. With every aspect of our lives now integrated with the internet, the impact of a successful Killware attack could be devastating.
In Florida earlier this year there was an attempted Killware attack on a water treatment facility. After entering the plant’s poorly guarded system, a threat actor boosted the level of sodium hydroxide in the water by lethal levels. Fortunately, the attack was immediately noticed by an operator, but if not for a quick response, the water supply for over 15,000 people could have been poisoned by a simple hack.
Like many cybersecurity vulnerabilities the threats are vast and often unknown. Killware could be devastating if a hospital, police, or emergency services became the target of an attack. Such an intrusion could lead to civilians suffering life-threatening complications or even death. Speculation is that companies in the private sector may already have more of a widespread problem than is known. Such companies often do not make cyberattacks public.
Killware could also be weaponized to attack transportation systems and other commonly used services. A report from Gartner predicts that by 2025, “cyber attackers will have weaponized operational technology environments to successfully harm humans.” With the success in extorting money from vulnerable businesses, the pace of hackers is not expected to slow anytime soon.
While Ransomware is usually employed to try and extract money from a target, the same software could be used as Killware. Ransomware works by taking control of specific systems or files, making a company’s databases inaccessible. Then the attacker demands a ransom in return for access to those files. However, if someone were to use the same tactics to shut down or disrupt a service that puts the safety of individuals at risk this has the potential to be a very real danger for society.
Clearly, Killware is a problem that will escalate over the coming years, especially in the event of any kind of cyber warfare. Companies should implement a security control framework to safeguard their operating technology systems. This is to prevent incidents in the digital world from having an adverse effect in the physical world. Security and risk management leaders must ensure that their organizations adopt a robust framework of controls that exists to enhance the security posture while meeting security standards
Many of the large-scale threats are out of any individual’s control. However, there are small steps that one can take to protect yourself. If you are going to use smart devices around the house, ensure that your Wi-Fi is protected with strong, randomized passwords, mixing numbers with upper and lowercase letters. An unsecured network is the easiest way for malicious hackers to take control of your home devices.