A new type of cybersecurity threat has been named “killware” to describe an attack motivated by a desire to do physical harm rather than by financial gain. But is this something new, and is it as frightening as the name implies?
Killware is not a Good Descriptor
Our view is that this new term has been coined to describe increasingly troublesome cyber attacks that cause harm. One obvious example is the attack on the Colonial Pipeline in June, 2021, which caused massive disruptions for homes and businesses along the East Coast. Although no lives were lost, the cyber incident caused disruptions and fear. It could have been much worse.
In October, USA Today interviewed US Secretary of Homeland Security Alejandro Mayorkas about growing cybersecurity threats, and then published an editorial with a headline:
The article detailed examples of attacks on public infrastructure like the pipeline, water treatment facilities and municipal governments. Secretary Mayorkas used the term killware to describe hacking events that cause physical harm. But the fact that an event may cause harm does not mean the threat actor intended to harm people.
The fact that cyber crime can cause physical harm is not news, in the sense that cyber crime has been on the rise for years, and the threat has been acute for healthcare organizations during the pandemic. Naming cyber incidents as “killware” is not accurate, not helpful, and sets off unnecessary, misplaced fears and alarms.
Lots of cyber incidents can cause harm, even physical harm, but that does not mean the hacker is a murderer, or intends specifically to harm people. For most organizations today and for consumers at home, cyber threats are not rising to the level of ongoing intentional efforts to kill or harm people. You shouldn’t add this to your list of worries.
Cyber warfare between nation states is real, and this blog is not meant to imply that threat actors never intend harm when it comes to threats at that level.
Stay Alert to Cyber Threats
On the other hand, cyberattacks can wreak havoc on the electronic systems on which we all depend for modern life. We depend on computers and electronic devices of all kinds at home and at work. Cyber incidents in healthcare, including ransomware, medical identity theft and EHR downtime, are all serious problems, even life-threatening. We recently wrote about how dangerous cyberattacks can be in a healthcare environment, where patient safety relies on electronic devices connected to the internet operating as intended, without interruption.
HIPAA Compliance is Still the Best Defense
The lesson is the same as cyber threats become more common. You don’t need a new kind of defense measure to fight “killware”, because cyber attacks aren’t different, in method or tactics, depending on motives.
The same defenses work against all attacks. If you’re concerned, make sure you are following HIPAA: doing a Risk Analysis and Risk Management, and all the other basics we’ve covered before, listed below.
Advice from the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the US Department of Health and Human Services emphasizes:
- Keep operating systems, software, and applications current and up-to-date.
- Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
- Back up data regularly and double-check that those backups were completed.
- Secure the backups. Make sure they are not connected to the computers and networks they are backing up.
- Create a continuity plan to manage in the aftermath of a ransomware attack.
- Provide workforce cybersecurity training.
For more, a good common-sense blog on this topic is from Malwarebytes Labs: “Killware”: Is it just as bad as it sounds?