Killware refers to malware whose purpose is to harm the physical health of its targets. The goal is to intentionally cause physical injury or loss of life by attacking infrastructure such as power grids, airports, and hospitals, among others.
Although killware can resemble ransomware, the distinction is in the objective: ransomware's main goal is obtaining a ransom, while killware prioritizes physically harming people.
Threat of Killware
The potency of killware is demonstrated in environments where network-enabled machinery is in use. Internet connectivity exposes hospitals, factories, construction sites, and other infrastructure to attack.
Hospitals and healthcare providers
Hospitals and healthcare providers are increasingly at risk of killware attacks. Any form of service interruption and system downtime, however brief, could prove to be fatal in a medical environment, as this could interfere with monitoring equipment and treatments critical to the survival of patients.
Risk also extends to individuals with internet-connected medical devices like pacemakers. Compromising these devices may lead to manipulation of how they work and result in casualties.
Medical equipment manufacturers are not safe either. If their systems are compromised, attackers can tamper with production equipment so that faulty products are mass-produced, causing extensive damage.
Internet of Things (IoT)
IoT devices are ubiquitous today, presenting an extensive attack surface for threat actors to exploit. Killware seeks, at the very least, to injure, and its threat to IoT devices is a reminder that it could affect any of us.
For instance, killware could take control of a connected car and cause it to malfunction in order to kill the passengers. Home networks and smart devices meant to make life more convenient can be hacked to cause physical harm to the occupants of a home.
A hacker attempted a mass poisoning at a water treatment plant in Oldsmar, Florida, by increasing the level of sodium hydroxide added to the water at least a hundredfold. Fortunately, an employee noticed the change and stopped the hack before any damage was caused.
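The Oldsmar incident was caught because a person happened to be watching the screen. The guard below is an added example (not from the article or any plant vendor) of what an automated check in the control path could look like: every setpoint command is screened against an engineering envelope and a maximum step ratio before it is applied, and the record format, tag name, limits and timestamps are all constructed for the illustration.

```python
"""Setpoint-change guard for a chemical dosing loop.

Added example, not from the article or any plant vendor. It screens setpoint
commands (constructed sample records below) against an engineering envelope
and a maximum step ratio, so that a hundredfold jump is rejected and alarmed
instead of silently applied.
"""
import re
from dataclasses import dataclass, field

# Hypothetical engineering limits for one dosing tag (constructed values, ppm).
SAFE_RANGE = {"NaOH_ppm": (0.0, 200.0)}
# A single command may at most double the current setpoint (constructed policy).
MAX_STEP_RATIO = 2.0

# Constructed record format: one setpoint-change command per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) tag=(?P<tag>\w+) "
    r"old=(?P<old>[\d.]+) new=(?P<new>[\d.]+)$"
)

@dataclass
class Verdict:
    ts: str
    src: str
    tag: str
    new: float
    allowed: bool
    reasons: list = field(default_factory=list)

def evaluate(line: str) -> Verdict:
    """Decide whether one setpoint command is within the engineering envelope."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable record: {line!r}")
    tag, old, new = m["tag"], float(m["old"]), float(m["new"])
    reasons = []
    if tag not in SAFE_RANGE:
        reasons.append("unknown tag")          # fail closed on anything unlisted
    else:
        lo, hi = SAFE_RANGE[tag]
        if not lo <= new <= hi:
            reasons.append(f"outside envelope {lo}-{hi}")
        if old > 0 and new / old > MAX_STEP_RATIO:
            reasons.append(f"step ratio {new / old:.0f}x exceeds {MAX_STEP_RATIO}x")
    return Verdict(m["ts"], m["src"], tag, new, not reasons, reasons)

def review(lines):
    """Evaluate every non-empty record; the caller alarms on verdicts that are not allowed."""
    return [evaluate(l) for l in lines if l.strip()]

# Constructed sample: two routine operator adjustments, then a remote command
# that raises the setpoint a hundredfold (timestamps are placeholders).
SAMPLE_LOG = """\
2000-01-01T13:30:00Z src=HMI-1 tag=NaOH_ppm old=100 new=105
2000-01-01T13:31:10Z src=HMI-1 tag=NaOH_ppm old=105 new=100
2000-01-01T13:32:45Z src=REMOTE-SESSION tag=NaOH_ppm old=100 new=10000
"""

if __name__ == "__main__":
    for v in review(SAMPLE_LOG.splitlines()):
        status = "OK   " if v.allowed else "ALARM"
        print(f"{status} {v.ts} {v.src} {v.tag}={v.new:g} {'; '.join(v.reasons)}")
```

The two controls are deliberately independent: the absolute envelope stops a value that is unsafe regardless of history, and the step ratio stops a large jump even when it stays within range, so a remote session cannot walk the setpoint up in one move. Unknown tags are rejected rather than passed through.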
Ransomware has shut down pipeline networks to deny extensive regions access to gasoline. An example is the Colonial Pipeline ransomware attack, which sent the east coast into a panic. Such critical infrastructure at the mercy of killware could result in unprecedented devastation.
Is Killware as Devastating as it Sounds?
Killware is a potent threat that should be taken seriously. In today's interconnected world, the risk is shared: the impact of killware extends to people who have no responsibility for securing the affected systems. A single oversight, security flaw, or gap can therefore jeopardize a whole ecosystem, because the effects of killware can cause wide-reaching devastation.
Additionally, the motivation is very concerning. Typical cyberattacks are often financially motivated; killware attacks, whose primary motivation is to cause physical harm, pose a serious threat to society as a whole.
The technology environments these attacks compromise suffer beyond service disruption, reduced production, and reputational damage, and the attacks continue to evolve. Where human life is threatened, the outcome of a killware attack could be cataclysmic. Aside from physical harm or death, killware could spread widespread fear within society.
Weaponizing technology also threatens national security through potential mass casualties, environmental impact, and outages of critical infrastructure. Moreover, organizations can be left reeling in the aftermath of killware attacks.
They have to deal with compensation, insurance, and litigation costs. Tarnished reputations in addition to regulatory fines are also a reality that organizations face, with personal liability placed upon leaders of organizations.
Protection Against Killware
Endpoint detection and response solutions
Implementing measures to safeguard network endpoints helps to proactively deal with cyber threats. Endpoint detection and response (EDR) tools enable enterprises to constantly monitor endpoints and flag threats and anomalies. These tools help isolate and remediate threats, including killware, before they achieve their goal.
Partnering with managed security service providers
The pace at which malware and threat actors' techniques evolve makes it almost impossible for organizations to rely on reactive approaches to overcoming attacks. Furthermore, as the consequences of attacks become more severe, organizations cannot rely solely on hardening potential points of intrusion.
A proactive approach therefore involves working with managed security service providers (MSSPs) that are capable of securing critical infrastructure. MSSPs give enterprises the ability to continuously monitor their infrastructure and offer robust detection capabilities to quickly expose, mitigate, and remediate threats.
Hardware-enforced network segmentation
Where monitoring and detection tools struggle, hardware-enforced network segmentation succeeds. This approach uses data diodes: unidirectional network communication devices that allow data to flow in only one direction between segmented networks. Data can move out to a destination network while no traffic can flow back, so the protected network has no inbound path for an attacker to use, and the guarantee is physical rather than a firewall rule that could be misconfigured.
Such hardware-enforced data diodes can isolate critical infrastructure networks and assets from the reach of killware attacks.
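The one-way guarantee has a software consequence that is easy to miss: the sending side can never receive an acknowledgement or a retransmission request. The code below is an added example, not the article's or any diode vendor's protocol, showing how transfer software on either side of a diode copes with that: frames carry a sequence number and a CRC, each is sent more than once as forward redundancy, and the receiver de-duplicates, verifies integrity and reports gaps to an operator (the only direction feedback can go). The channel simulation, chunk size and sample payload are constructed.

```python
"""Framing for a one-way (data diode) link.

Added example, not the article's or any diode vendor's protocol. It assumes a
sender and a receiver process on opposite sides of a diode: because nothing
can flow back, there are no ACKs or retransmission requests, so each frame
carries a sequence number and a CRC, is sent more than once, and the receiver
de-duplicates, verifies integrity and reports which sequence numbers never arrived.
"""
import struct
import zlib

# Frame header: sequence number, total frame count, CRC32 of the payload.
HEADER = struct.Struct("!IHI")

def frame(seq: int, total: int, payload: bytes) -> bytes:
    return HEADER.pack(seq, total, zlib.crc32(payload)) + payload

def send(data: bytes, chunk: int = 8, repeat: int = 2):
    """Yield frames for `data`; each frame is emitted `repeat` times as forward redundancy."""
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    total = len(chunks)
    for seq, payload in enumerate(chunks):
        f = frame(seq, total, payload)
        for _ in range(repeat):
            yield f

class Receiver:
    """Receiver side: trusts nothing about ordering, duplicates or integrity."""
    def __init__(self):
        self.total = None
        self.got = {}
        self.corrupt = 0

    def accept(self, raw: bytes) -> None:
        if len(raw) < HEADER.size:
            self.corrupt += 1
            return
        seq, total, crc = HEADER.unpack_from(raw)
        payload = raw[HEADER.size:]
        if zlib.crc32(payload) != crc:
            self.corrupt += 1                 # damaged copy; a duplicate may still arrive
            return
        self.total = total
        self.got.setdefault(seq, payload)     # keep the first intact copy of each seq

    def missing(self):
        """Sequence numbers with no intact copy; reported to an operator, never to the sender."""
        if self.total is None:
            return None
        return sorted(set(range(self.total)) - set(self.got))

    def reassemble(self):
        gaps = self.missing()
        if gaps is None or gaps:
            return None
        return b"".join(self.got[i] for i in range(self.total))

def one_way_channel(frames, drop=(), flip=()):
    """Simulated diode link: frame number `idx` may be lost or damaged; nothing flows back."""
    for idx, f in enumerate(frames):
        if idx in drop:
            continue
        if idx in flip:
            f = f[:-1] + bytes([f[-1] ^ 0xFF])   # corrupt the last byte in transit
        yield f

def transfer(data: bytes, drop=(), flip=(), repeat: int = 2) -> Receiver:
    rx = Receiver()
    for f in one_way_channel(send(data, repeat=repeat), drop, flip):
        rx.accept(f)
    return rx

if __name__ == "__main__":
    sample = b"sensor readings leaving the OT network"   # constructed payload
    rx = transfer(sample, drop={0, 1})     # both copies of frame 0 lost
    print("missing frames:", rx.missing(), "corrupt:", rx.corrupt)
    rx = transfer(sample, flip={2})        # one copy of frame 1 damaged
    print("recovered:", rx.reassemble() == sample, "corrupt:", rx.corrupt)
```

The redundancy factor and a stronger integrity check (a keyed MAC rather than a CRC, if the receiving network must also authenticate the sender) are the knobs a deployment would tune; the structural point is that a gap on the receiving side is surfaced as an alert, because there is no channel on which to ask for the data again.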
Offline encrypted storage
Because network connectivity is what exposes systems to attack, enterprises may include offline encrypted storage in any comprehensive defense against killware. Coupled with remote management, administrators can restrict access to data and assets through automated access controls, including time-fencing and geo-fencing, which limit access to predetermined locations and times.
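What a time-fenced and geo-fenced access decision looks like in practice is shown by the following added example; it is not the article's or any storage product's implementation. It assumes the management console receives the requester's role, a timezone-aware timestamp and reported coordinates, evaluates every control rather than stopping at the first failure (so the audit record explains the denial fully), and handles a maintenance window that crosses midnight. The role name, window, site coordinates and radius are constructed placeholders.

```python
"""Time- and geo-fenced access decision for an offline storage vault.

Added example, not the article's or any product's implementation. It assumes
the management console receives a role, a timezone-aware timestamp and the
requester's reported coordinates; constructed policy values are below.
"""
import math
from dataclasses import dataclass
from datetime import datetime, time, timezone

@dataclass(frozen=True)
class Fence:
    name: str
    lat: float
    lon: float
    radius_m: float

@dataclass(frozen=True)
class Policy:
    allowed_roles: frozenset
    window_start: time     # UTC
    window_end: time       # UTC; earlier than window_start means the window crosses midnight
    fences: tuple

def haversine_m(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance in metres between two WGS84 points."""
    r = 6_371_000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def in_window(now: time, start: time, end: time) -> bool:
    if start <= end:
        return start <= now < end
    return now >= start or now < end      # window wraps past midnight

def decide(policy: Policy, role: str, when: datetime, lat: float, lon: float):
    """Return (allowed, reasons). Every failing control is reported; none short-circuits."""
    if when.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    reasons = []
    if role not in policy.allowed_roles:
        reasons.append("role not permitted")
    now_utc = when.astimezone(timezone.utc).time()
    if not in_window(now_utc, policy.window_start, policy.window_end):
        reasons.append("outside maintenance window")
    if not any(haversine_m(lat, lon, f.lat, f.lon) <= f.radius_m for f in policy.fences):
        reasons.append("outside geofence")
    return (not reasons, reasons)

# Constructed policy: storage admins only, 22:00-06:00 UTC, within 200 m of a
# hypothetical control room (coordinates are placeholders, not a real site).
SAMPLE_POLICY = Policy(
    allowed_roles=frozenset({"storage-admin"}),
    window_start=time(22, 0),
    window_end=time(6, 0),
    fences=(Fence("control room", 40.0, -74.0, 200.0),),
)

if __name__ == "__main__":
    requests = [
        ("storage-admin", datetime(2000, 1, 1, 2, 0, tzinfo=timezone.utc), 40.001, -74.0),
        ("storage-admin", datetime(2000, 1, 1, 12, 0, tzinfo=timezone.utc), 40.001, -74.0),
        ("contractor", datetime(2000, 1, 1, 23, 30, tzinfo=timezone.utc), 40.01, -74.0),
    ]
    for role, when, lat, lon in requests:
        ok, why = decide(SAMPLE_POLICY, role, when, lat, lon)
        print("ALLOW" if ok else "DENY ", role, when.isoformat(), "; ".join(why))
```

Times are normalised to UTC before the window check so that a requester in a different zone, or a console with a local clock, cannot shift the window. The reported coordinates are only as trustworthy as their source, so in a real deployment the geofence is a second factor alongside a device or network attestation, not a replacement for it.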
Best Practices of Handling Killware
Guidance from industry standards
There are industry standards that give direction on how to secure critical infrastructure. For example, the United States Cybersecurity and Infrastructure Security Agency (CISA) regularly updates its guidelines on protecting critical infrastructure.
The North American Electric Reliability Corporation (NERC) has frameworks that help balance cybersecurity and physical security. Such approaches may be adapted as cybersecurity frameworks in other sectors.
Penetration testing and vulnerability assessments
Carrying out regular penetration tests and vulnerability assessments is a proactive way to identify security gaps and vulnerabilities in networks. Penetration testing allows enterprises to safely test their security posture from the point of view of an attacker and address gaps before an actual attacker exploits them.
Safety is a team effort. Partners with access to your network and to assets such as your data can either complement and enhance your security posture or completely undermine it; your security posture is only as strong as the weakest link in your ecosystem. Working with partners or vendors who uphold stringent cybersecurity measures therefore protects your whole supply chain.
Frequent staff training
To keep cybersecurity measures current across the enterprise, staff should be trained to understand how to keep the enterprise secure from cyberattacks. Training employees to identify anomalies and risks, and providing them with the tools to deal with threats, may prove a cost-effective way of upholding security. This approach creates collective responsibility for security and yields a security-oriented company culture.
Cyber incident response policies
Cyber incident response policies help enterprises mitigate risk and ensure that their incident response is effective. These policies should be cross-functional initiatives that ensure incident response plans are rigorously tested from time to time.