Disruptionware: A New Cyber Threat Targeting Critical Infrastructure

Disruptionware is an emerging type of cyberattack calculated not only to disrupt the availability, integrity, and confidentiality of victims’ data, systems, and networks, but also to interrupt or shut down the essential business operations functions of its victims. More destructive than traditional malware and ransomware attacks which typically only target a victim’s systems and networks, disruptionware attacks target both the “information technology” (IT) and “operational technology” (OT) networks of its victims.

Ransomware is the most commonly used tool to effectuate disruptionware attacks, and, similar to other disruptionware tools, is a type of malware that — once released into a victim’s data networks — is highly effective at diagnosing, attacking and shutting down the victim’s business operations.

Disruptionware attacks are expensive and inconvenient and they also pose a danger to the public health and safety. For example, a 2020 disruptionware attack at a German hospital shut down the hospital’s computer systems, making patient and vital health data inaccessible. The attack also targeted the hospital’s OT networks, including shutting down operating room infrastructure, which locked the hospital out of critical life support systems and equipment needed by the medical staff.

While attacks on companies in the health care industry have garnered significant and well-deserved attention, disruptionware attacks have begun to impact many other industries.

OT networks are susceptible to less sophisticated, readily deployable cyberattacks such as ransomware. According to the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), there are many forms of ransomware that are designed to specifically disrupt operations by organizations using OT networks and devices.

A recent cyberattack on a water treatment plant in Oldsmar, Florida highlights the danger posed by disruptionware attacks on participants in critical infrastructure industries. In that case, an attacker remotely accessed an OT system controlling the chemicals that were added to the water supply. Fortunately, the attack was discovered and reversed before there was any danger to the public health.

The danger from disruptionware attacks to the nation’s critical infrastructure is only growing. In early May 2021, one of the largest U.S. fuel pipelines was hit by a ransomware attack, forcing its operator, Colonial Pipeline, to shut down its operations — including 5,500 miles of pipeline.

Disruptionware attacks are becoming more commonplace and more dangerous. Disruptionware is obviously a tremendous change to the cyber threat landscape, and agencies should be aware of the potential danger that such attacks can pose. Organizations would be well-advised to take steps to upgrade their security to guard against disruptionware. In addition to baseline “cyber hygiene” practices to secure IT and OT networks, organizations should also consider doing the following:

    • Regularly patching networks and ensuring a viable patch management system
    • Disabling Macro Scripts on your network
    • Limiting unnecessary internet exposure
    • Disabling Secure Server Message Block (SMB)
    • Disabling Remote Desktop Protocol (RDP)
    • Managing and securing third-party Service Level Agreement (SLA) access to networks
  • Instituting effective “Social Awareness” training for company employees.

 

Summarized from JD Supra

Leave a Reply