• Flexi Group

Killware or malware designed to do real-world harm

Ransomware is the current king of the cybersecurity threat landscape, in part because of a demonstrated willingness by criminal groups to escalate to real-world damage to infrastructure. U.S. Department of Homeland Security Secretary Alejandro Mayorkas thinks that things are poised to go a step further in that direction in the very near future.

Mayorkas told USA Today that "killware" designed to purposefully cause death is the next big cybersecurity concern, citing recent assaults on water treatment facilities and hospitals as examples. Gartner research supports his prediction, forecasting that threat actors will weaponize operational environments to harm and kill people over the next four years.


With assaults on medical facilities and utilities, the "Killware" cybersecurity threat develops.


While ransomware has impacted supply chains for the first time this year, creating delays in everything from gas to meat delivery, these assaults do not pose a direct threat to human health or safety. They are clearly more serious than in past years, but Mayorkas says his main fear is a non-ransomware cybersecurity issue that has garnered significantly less public attention.


In the February attack on a water treatment facility in Oldsmar, Florida, Mayorkas saw the prototype for killware. An unknown person gained direct access to the facility's controls by using old remote TeamViewer login credentials (that were meant to be deactivated) and attempted to raise the level of lye in the public water supply to hazardous levels. Lye is commonly used as a disinfectant at smaller concentrations, but a strong enough concentration can cause skin burns and internal damage.


An on-site operator observed activity on the plant's console while the attacker attempted to modify settings, thwarting the operation; Oldsmar officials also stated that the public was not in danger, since raising chemical levels above a hazardous threshold would activate automated alarms and mechanical failsafes. This wasn't the first time a former employee used their old login credentials to try to shut down the chemical treatment process and distribute tainted water; a similar incident occurred in a Kansas water treatment facility.


These malicious attempts come on the heels of three ransomware attacks on water and wastewater treatment plants. In these circumstances, the cybersecurity threat was quite ordinary, encrypting information but making no attempt to manipulate industrial equipment or do bodily harm. Mayorkas, on the other hand, sees the killware notion growing to mix direct threats of damage with ransomware assaults or other similar breaches.


Given the trend of escalation and the breaking of "red lines" that criminals were not courageous enough to breach in prior years, there are grounds to believe this idea. Ransomware had been mostly inactive as a cybersecurity threat for several years before resurfacing in 2019, shifting from indiscriminate assaults widely disseminated by bot networks to targeted attacks on large, well-funded businesses that frequently involve research and spear phishing. In 2020, some of the larger ransomware gangs threatened to "doxx" confidential company information if ransoms were not paid; in response to a refusal or failure to pay within the time limit, they would dump stolen personal information and corporate secrets on dark web sites.


The willingness to strike key infrastructure directly was the next great step, as seen by media attention this year. All sorts of threat actors had historically avoided doing so for fear of facing harsh retaliation from national governments. The readiness of big ransomware gangs such as REvil and Darkside to cut off gasoline and food supply signalled a shift in the situation.


As daring threat actors display a willingness to cause death and devastation via infected systems to extort payments or just to make a political statement, Mayorkas believes killware will be the next line to be crossed in the cybersecurity threat environment. “This is an alarming development, but not entirely unexpected. Malware, including ransomware, is a fast-growing criminal market, and over time it’s inevitable that we’ll begin to see increasing numbers of so-called ‘killware’ attacks, aimed at crippling infrastructure … The US government is taking the threat of cyberattacks increasingly seriously, proposing new legislation that would require critical infrastructure owners to report attacks to CISA to enable the government to gain a better understanding of the threat. This is an important step, but it’s also up to organizations themselves to ensure they have the right technology and security protocols in place to defend themselves. Sadly, I expect that we’ll begin to see a growing number of headlines about killware as these attacks become more widespread.”


How severe is the threat of killware?

That boundary has already been crossed in Germany, even though it was not the attackers' intention. Last year, a woman being taken by ambulance was turned away from a non-functioning institution and died en route to the nearest alternative, the first fatality officially connected to ransomware. Ransomware was also connected to a baby's death in Alabama in 2019, when nurses failed to notice a decrease in heart rate that would have been visible on a huge central monitor.


In July, Gartner Inc., a global market research and risk management consulting firm, issued a study estimating that by 2025, a cybersecurity threat weaponizing industrial facilities will have killed 500,000 people. According to the firm, the cost of assaults that result in fatalities might exceed $50 billion per year, and public and government reaction could lead to CEOs being held personally liable for cyberattacks that result in physical harm or death.


by Flexi Team
