Cyberattacks are appearing in a new guise: killware. Killware is code or a program deployed on machines with the sole intention of causing physical harm to people. As the name suggests, its aim is to kill. Unfortunately, this deadly class of malware is a growing threat around the world.
Killware attacks might sound far-fetched to some, but they have become a very real threat to critical infrastructure operators such as oil and gas pipelines, power generators, healthcare providers, medical facilities, and water utilities. Protecting against killware requires a different approach, one that prevents the attack from happening in the first place instead of reacting after the fact.
How does killware work?
Killware attacks are devised to cause real-world damage by manipulating operational technology (OT) – the pumps, equipment, valves, turbines, and other technologies that keep the world running and our lives in order.
In 2021, for example, an intruder gained access to the control system of a water treatment plant in Oldsmar, Florida, through the plant's remote-access software and changed a chemical setpoint. The malicious actor raised the sodium hydroxide (lye) dose to roughly 100 times its normal level. Sodium hydroxide is used in treatment plants to control water acidity and reduce the corrosion that leaches metals into drinking water, but at that concentration it is harmful to anyone who consumes the water. An operator who happened to be watching the screen noticed the change and reversed it before the treated water reached the supply; a defence should not depend on that kind of luck.
Historically, most attacks on industrial control systems required physical access to a facility, or at least a foothold on its isolated plant network, because few OT devices were reachable from outside. The spread of cloud-connected infrastructure, IoT devices and remotely managed OT equipment has changed that: attackers now have millions of network-reachable devices to target, and many different ways to reach them.
Short of hoping that someone spots a killware attack before it takes effect, the only real deterrent is strong cybersecurity on the OT side. OT devices need controls robust enough to stop attackers from gaining access in the first place.
Industry best practices
Industry standards give organisations valuable, concrete direction on protecting critical infrastructure networks and systems against killware.
For example, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) updates its guidance on protecting critical systems regularly, including its publication “Seven Steps to Effectively Defend Industrial Control Systems”.
The North American Electric Reliability Corporation's (NERC) Critical Infrastructure Protection (CIP) standards, which address both physical security and cybersecurity, are used across the electricity industry and can serve as a cybersecurity framework in other sectors such as pipeline security and transportation.
These controls and the mitigations they prescribe are also worth considering in other industries tackling killware. The two most important concepts are limiting interactive remote access into the OT environment and limiting its external routable connectivity (both are NERC CIP terms): every inbound path that is removed is one that killware cannot use.
Hardware-enforced security
Technology plays a major role in preventing killware attacks, alongside the best practices mentioned above. Hardware-enforced security can render killware ineffective. Software firewalls run on general-purpose operating systems and are configurable by design, so they carry their own vulnerabilities, can be misconfigured, and can themselves become a foothold that opens new attack paths. Monitoring and threat detection are important, but they yield results only after the fact. Killware must be stopped before it reaches the process.
With hardware-enforced network segmentation, data can flow out of a source network to an external destination without introducing risk to the source. Organisations running an air-gapped architecture can connect outward through hardware-enforced technology; this keeps threats from entering the network while improving overall security at the same time.
The Department of Homeland Security (DHS) recommends eliminating as many external connections as possible in critical infrastructure networks. Where a connection is genuinely needed, converting it to a one-way, outbound-only architecture is advised. Hardware-enforced data diodes implement this physically: the return path simply does not exist, so critical infrastructure devices and networks are locked down against inbound killware.
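The NERC CIP concepts above (limiting interactive remote access and external routable connectivity) and the DHS one-way-out recommendation both come down to an inventory question: which flows cross the OT perimeter, in which direction, and does anything come back? The following audit is an added example written for this article, not code from RiskXchange, CISA, NERC or DHS. It assumes a Purdue-style zone ranking, a hypothetical list of "interactive" ports, and a constructed sample inventory; each of those is an assumption for illustration, and a real audit would be fed from firewall rule exports or flow records.

```python
"""Audit an OT flow inventory against a one-way-out, no-interactive-remote-access policy.

Added example (not from the original article). Zone ranking, port list and the
sample inventory are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass

# Purdue-style zones; rank 2 and below is the OT side of the perimeter (assumed).
ZONE_RANK = {"process": 0, "control": 1, "supervisory": 2,
             "dmz": 3, "enterprise": 4, "internet": 5}
OT_MAX_RANK = 2

# Destination ports that imply a login/console session rather than a data feed (assumed list).
INTERACTIVE_PORTS = {22, 23, 3389, 5900}   # SSH, Telnet, RDP, VNC


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    proto: str
    dport: int
    returns_data: bool   # True if application data flows back into the source zone
    desc: str


def is_ot(zone: str) -> bool:
    return ZONE_RANK[zone] <= OT_MAX_RANK


def classify(flow: Flow) -> str:
    """Return one finding class for a flow.

    internal                  - does not cross the OT perimeter; out of scope here
    one_way_out               - OT -> external with nothing returning; diode-compatible
    needs_one_way             - OT -> external but expects a reply; convert or drop
    inbound_routable          - external -> OT data path; eliminate
    interactive_remote_access - external -> OT on a login port; eliminate, or force
                                through a hardened intermediate system with MFA
    """
    src_ot, dst_ot = is_ot(flow.src_zone), is_ot(flow.dst_zone)
    if src_ot == dst_ot:
        return "internal"
    if src_ot:                                   # leaving the OT side
        return "needs_one_way" if flow.returns_data else "one_way_out"
    if flow.dport in INTERACTIVE_PORTS:          # entering the OT side
        return "interactive_remote_access"
    return "inbound_routable"


VIOLATIONS = {"needs_one_way", "inbound_routable", "interactive_remote_access"}


def audit(flows):
    """Return (counts per class, list of (class, flow) violations)."""
    counts = Counter()
    violations = []
    for f in flows:
        cls = classify(f)
        counts[cls] += 1
        if cls in VIOLATIONS:
            violations.append((cls, f))
    return counts, violations


# Constructed inventory (not real plant data).
SAMPLE_FLOWS = [
    Flow("supervisory", "dmz", "udp", 514, False, "syslog to DMZ collector"),
    Flow("control", "dmz", "tcp", 5432, True, "historian replication"),
    Flow("enterprise", "control", "tcp", 3389, True, "vendor RDP to engineering workstation"),
    Flow("internet", "supervisory", "tcp", 502, True, "cloud dashboard polling Modbus"),
    Flow("control", "process", "tcp", 502, True, "HMI to PLC"),
    Flow("dmz", "enterprise", "tcp", 443, True, "DMZ web reports"),
]

if __name__ == "__main__":
    counts, violations = audit(SAMPLE_FLOWS)
    for cls, f in violations:
        print(f"{cls:26} {f.src_zone}->{f.dst_zone} {f.proto}/{f.dport}  {f.desc}")
    print(dict(counts))
```

Run against the sample inventory, the syslog feed passes as a one-way-out flow, the historian replication is flagged for conversion (a diode vendor's replication proxy or a push-only export would satisfy it), and the RDP and cloud-polling paths are flagged for elimination. Flows inside the OT zones, such as HMI to PLC, are deliberately out of scope: the policy is about the perimeter, not about breaking the plant's own control traffic.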
What the experts say
The good news is killware can be prevented by integrating proven hardware-enforced technologies and by leveraging available standards as part of a defence-in-depth strategy. RiskXchange offers the following tips to prevent malware and to help stop killware in its tracks:
- Take advantage of hardware-enforced security to make killware ineffectual.
- Keep on top of industry standards and best practices.
- Keep operating systems, software, and applications current and up to date.
- Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
- Back up your data regularly and verify that those backups actually completed.
- Secure your backups: keep them offline or otherwise disconnected from the computers and networks they protect.
- Create a continuity plan in case your business or organisation is the victim of an attack.
Get in touch with RiskXchange to find out more about killware and how it can threaten your organisation.