With the next wave of malware, could the hackers weaponize operational technology and shut down banks and poison water supply? Read on to know more about it?
There have been a lot of news this year on hacking, including ransomware operations that steal money from victims. However, security experts, on the other hand, believe that cyberattacks will eventually include “killware” designed to take the lives of people.
An attempted cyberattack on a water treatment facility in Oldsmar, Fla. earlier this year, according to Homeland Security Secretary of United States, Alejandro Mayorkas, could have been one of those incidents. He added that the motive of this cyberattack wasn’t to make money for the hackers; instead, it was to cause harm to residents by distributing polluted water.
Mayorkas said “The attempted hack of this water treatment facility in February 2021 demonstrated the grave risks that malicious cyber activity pose to public health and safety,” He added “The attacks are increasing in frequency and gravity, and cybersecurity must be a priority for all of us.”
However, the U.S. law enforcement agencies were not able to reveal who was responsible for the cyberattack. This cyberattack on the U.S. infrastructure follows other high-profile attacks, such as the SolarWinds intrusion into U.S. federal government agencies and the recent cyberattack on Microsoft.
Other Critical Threats
The Oldsmar attack, according to Mayorkas and other cybersecurity experts, was only one of several warnings that “killware” could target other critical parts of the America’s infrastructure. In addition to water supplies, it might affect banks, law enforcement agencies, hospitals, and transportation. According to USA Today, in addition to government experts like Mayorkas, private-sector security experts have also begun raising the alarm about potentially fatal physical cybersecurity threats.
Security experts warn that so-called cyber-physical security incidents involving a wide range of critical national infrastructure targets could lead to loss of life. Those include oil and gas manufacturing and other elements of the energy sector, as well as water and chemical systems, transportation and aviation and dams.
Wam Voster, senior research director at security firm Gartner Inc., said that with the rise of consumer-based products like smart thermostats and autonomous vehicles, Americans are more vulnerable to cyber threats than ever before.
According to Voster, another example of potentially disastrous malware was the Triton malware, which was discovered in late 2017 in the Operations Technology (OT) of a petrochemical site and was designed to disable safety systems. Voster said that “If the malware had been effective, then loss of life was highly likely”. He added that malware has now entered the realm of “killware”
Gartner predicted that by 2025, “cyber attackers will have weaponized operational technology environments to successfully harm or kill humans,” according to a report released on July 21. Gartner said in an article “The attack on the Oldsmar water treatment facility shows that security attacks on operational technology are not just made up in Hollywood anymore,”
There had been cyberattacks before the Oldsmar incident that could have resulted in deaths or physical harm.
According to USA Today, a senior Department of Homeland Security official said “U.S. cybersecurity officials have long known that water facilities and other critical infrastructure have been vulnerable for many, many years,”
Attacks on Health Services
According to USA Today, US officials are particularly concerned about the recent series of ransomware attacks on hospitals. As a result of the attacks, patients have already been forced to cancel or postpone procedures, including critical surgeries. In September 2020, there was a nationwide cyberattack on Universal Health Services.
Due to underreporting, authorities believe that hospital based cyberattacks are a bigger issue than we now understand. A mother sued an Alabama hospital earlier this year, alleging that its inability to report a cyberattack on its systems resulted in subpar care, which led to her baby’s death.
According to Gartner, the financial impact of cyber-physical security attacks that result in fatalities will exceed $50 billion in the next few years.