The Killware Virus
DHS officials speaking to USA TODAY have shared that the water treatment facility showed that the malicious actor tried to alter chemical combinations to dangerous levels during the water treatment process. According to the authorities, a system operator discovered the modifications and rectified them before they had an impact on the water supply.
What is Killware?
And while with incidents like this one most Americans have just started to hear more and more about the money-demanding crime known as ransomware, the nation’s top homeland security officer is concerned about an even greater digital threat – Killware – malicious software, the attacks of which may actually cost a human life.
In an interview with USA TODAY, Homeland Security Secretary Alejandro Mayorkas revealed that there has been an attempt to hack the system of a Florida water treatment plant with no intentions for financial benefit, but rather to do deliberate harm to people, which fortunately did not succeed.
According to Mayorkas, the attempt for attack which took place in February 2021 in the water system in Oldsmar, Florida, was designed to provide residents with tainted water.
The Oldsmar intrusion is believed to be just the latest example of how malicious hackers are increasingly targeting critical nation infrastructures, including hospitals, water supplies, banks and police departments, in ways that could cause serious harm or even lead to loss of human lives.
Security researchers are concerned that this new malicious cyber activity trend, known as Cyber-physical security attacks, presents significant dangers to public health and safety because such attacks can be aimed at a variety of key national infrastructure targets. Included in this group are the oil-and-gas industry, water and chemical systems as well as transportation and aviation, dams, etc.
In a post by Wam Voster, senior research director at security company Gartner, he shares that the development of consumer-based goods like smart thermostats and self-driving cars has transformed the United States into a “ubiquitous cyber-physical systems world” that is now rife with dangers. What is more, cyber attackers are most likely to have weaponized operational technology settings by 2025 to effectively injure or kill people, according to a study released by Gartner on July 21.
People’s lives at risk
In the last year alone, there have been several reported instances in which hackers have taken down vital Hospital infrastructure in a manner that has resulted in direct harm to humans’ lives.
Many Hospitals have been forced to reroute patients and cancel or postpone important operations, examinations, and other medical procedures due to a recent wave of ransomware attacks, U.S. authorities have revealed.
Cybercriminals infecting systems with ransomware for financial gain are using an arsenal of strategies, techniques, and processes. A security warning issued last year by the Federal Bureau of Investigation (FBI), the Department of Homeland Security (DHS), and the Department of Health and Human Services (HHS) is describing most of these tactics in an attempt to provide healthcare providers that are under direct threat of targeted attacks with information that can help them take reasonable and timely measures to protect their networks from such risks.
Responsibility for loss of human life
Cybersecurity experts are getting united around the opinion that, government and business executives should be held financially or legally responsible if human lives are endangered as a result of computer system breaches they supervise.
A Gartner study released in September 2020 said that the FBI, NSA, and Cybersecurity and Infrastructure Security Agency (CISA) had already boosted the frequency and information given surrounding threats to critical infrastructure-related systems, most of which are controlled by the private sector. Therefore, CEOs will no longer be able to claim ignorance or hide behind insurance plans in the near future, according to this research.
Who are the people behind the cyberattacks?
According to US authorities, foreign states and non-state entities are increasingly engaged in hostile cyberactivity, often in cooperation. This makes it difficult to trace attackers or determine whether they are motivated by pure profit, politics, or both. However, exploit attempts like the Florida’s water plant attack only indicate that threat actors, regardless of who is behind them, have no scrupulous to take advantage of such targets and put human lives at risk. And while ransomware attacks continue to make news, security professionals have now started to raise more awareness about cyber breaches, like the one that occurred in Florida, that aren’t motivated by money.