The Emerging Cyberthreat of Killware: Here’s What You Need to Know About It

In February 2021, hackers targeted a water treatment plant in Oldsmar, Florida, and tried to poison the water supply, potentially endangering around 15,000 residents. The attackers accessed the plant's systems by exploiting vulnerabilities in an outdated Windows 7 installation and by abusing the remote access software TeamViewer. They raised the water's sodium hydroxide setpoint from 100 to 11,100 parts per million, a dangerous level. Fortunately, an alert plant operator noticed the change in time and reversed it.

This incident was contained before anyone was physically harmed. However, it is a clear example of an emerging category of cyberattack: killware.

Here, we will look at what killware is, the factors that allow it to thrive, and how your organization can protect itself and defend against it.

What is killware?  

Killware is any malware that is developed and deployed with the primary intention of harming people or, in extreme cases, killing them. Unlike other attack categories, killware is not defined by how it works but by its outcome. As such, cybercriminals can employ several attack methods, e.g., ransomware or phishing, to achieve that result.

Digitalization has become a necessity for organizations that want to improve their operations, management, productivity, and convenience. This has led to an increased dependency on technology, especially in the corporate world. Unfortunately, it has also expanded the attack surface that threat actors can exploit.

Most cyberattacks are launched in order to extract data, which can then be sold on the dark web, held for a ransom payment, or, in nation-state attacks, used for espionage. However, some attacks cause physical harm, and that is what makes them killware attacks. For example, in 2019, a ransomware attack that shut down critical hospital systems led to the death of a baby in Alabama.

Factors that contribute most to killware attacks

While killware can be launched through several attack methods, a few vectors and targets are affected far more than others.

Critical infrastructure is made up of the systems that are essential for a society to function: water supply, electricity generation and distribution, gas, transportation, public health, telecommunications, physical infrastructure such as buildings and roads, and so on. Because a large population depends on these services, they are an alluring target for killware attacks.

While the incorporation of IoT, AI, and other connected devices is highly beneficial for organizations, vulnerabilities in those devices can also be exploited to launch cyberattacks. Similarly, OT devices and systems can be manipulated to cause hazardous events. Moreover, the convergence of IoT and OT can surface previously unseen vulnerabilities that can be exploited to cause harm. In fact, research predicts that by 2025, threat actors will weaponize OT in order to kill or harm people.

A major target of killware attacks is public sector institutions such as governments and law enforcement. Among these, healthcare institutions are the most affected: the combination of IoT usage, outdated legacy devices, and large patient bases makes them an ideal target.

Finally, since these attacks can be lethal, governments have recognized the need to act through legislation. Two examples are the European NIS Directive and the Cybersecurity and Infrastructure Security Agency Act of 2018 in the US.

How can you protect your organization from killware?  

Your organization can minimize the risk of killware attacks by adopting and consistently practicing sound cybersecurity measures:

  1. Implement security controls such as antivirus, antimalware, firewalls, encryption, and multi-factor authentication so that every system and device is protected against breaches.
  2. Update all hardware, firmware, software, and applications to their latest versions to eliminate vulnerabilities that attackers could use to their advantage. Deploy endpoint security solutions for added protection on every device.
  3. Enforce strong passwords on all of your organization's connected devices. Additionally, employ encryption tools, multi-factor authentication, CAPTCHAs, and employee credential checks to prevent unauthorized access.
  4. Maintain a strict inventory of all connected devices on your organization's network, including each device's location, operational status, and patch management process. Include these devices in regular risk assessments to verify their security.
  5. Carefully monitor user activity on all systems and networks so that suspicious activity is detected early. Furthermore, regularly audit all systems for vulnerabilities.
  6. Network segmentation is key to better security and easier management of connected devices. Splitting a network into subnetworks separates external (guest) traffic from internal (authorized) traffic and keeps sensitive systems and data isolated from the less trusted side.
  7. Invest in a strong cyber insurance policy to cover liabilities in the event of a security breach.
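The monitoring point above is easiest to make concrete with the Oldsmar case: a setpoint jump from 100 to 11,100 ppm made over a remote session is exactly the kind of change that should raise an alert before an operator has to notice it by eye. The following is an added example, not code from the article or from any plant; the log format, the safe envelope of 50 to 150 ppm, and the 2x step threshold are all assumptions chosen for illustration.

```python
# Added example: flag dosing-setpoint changes that fall outside a safe
# envelope or jump too far in one step, and note when the change came in
# over a remote-access session. Log format and thresholds are assumptions.
from dataclasses import dataclass
from typing import List, Optional

# Assumed safe operating envelope per tag, in ppm. Real limits come from the
# plant's process engineers; these values are placeholders for the example.
SAFE_ENVELOPE = {"NaOH_setpoint_ppm": (50.0, 150.0)}
# Flag any single change that multiplies or divides the setpoint by more than this.
MAX_STEP_RATIO = 2.0


@dataclass
class Alert:
    ts: str
    user: str
    tag: str
    old: float
    new: float
    reasons: List[str]


def parse_line(line: str):
    # Constructed HMI audit-log format: ts,user,session,tag,old_value,new_value
    ts, user, session, tag, old, new = line.strip().split(",")
    return ts, user, session, tag, float(old), float(new)


def check_change(ts, user, session, tag, old, new) -> Optional[Alert]:
    reasons = []
    lo, hi = SAFE_ENVELOPE.get(tag, (None, None))
    if lo is not None and not (lo <= new <= hi):
        reasons.append(f"new value outside safe envelope {lo}-{hi} ppm")
    if old > 0 and new > 0 and max(new / old, old / new) > MAX_STEP_RATIO:
        reasons.append(f"single-step change of {max(new / old, old / new):.0f}x")
    if reasons and session == "remote":
        reasons.append("change made over a remote-access session")
    return Alert(ts, user, tag, old, new, reasons) if reasons else None


def scan(lines) -> List[Alert]:
    return [a for a in (check_change(*parse_line(l)) for l in lines) if a]


# Constructed sample log: a routine tweak, the attacker's jump, and the reversal.
SAMPLE_LOG = [
    "2021-02-05T13:30:00Z,operator1,local,NaOH_setpoint_ppm,100,110",
    "2021-02-05T13:45:00Z,svc_remote,remote,NaOH_setpoint_ppm,100,11100",
    "2021-02-05T13:50:00Z,operator1,local,NaOH_setpoint_ppm,11100,100",
]
```

Running `scan(SAMPLE_LOG)` yields two alerts: the remote 100 to 11,100 change with three reasons, and the operator's corrective reversal, which is itself a large step and belongs in the audit trail.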