Forget Ransomware, the next big threat is “killware”

Get a free Techzine subscription!

The U.S. Homeland Security Secretary says cyber attacks are increasingly posing risks to “public health and safety”.

Alejandro Mayorkas, the current Secretary of the U.S. Department of Homeland Security, sat down for an interview with USA TODAY’s Editorial Board last week. What he had to say about the current cybersecurity threat landscape was chilling.

The Colonial Pipeline ransomware attack in April galvanized the public’s attention because of its consumer-related complications, Mayorkas said. People feared long lines at gas stations. Mayorkas then added that “there was a cyber incident that very fortunately did not succeed. And that is an attempted hack of a water treatment facility in Florida,.” Mayorkas said the aim of the attack was not for financial gain but rather “purely to do harm.”

Mayorkas and cybersecurity experts said the Oldsmar intrusion was one of many indications that malicious hackers increasingly are targeting critical parts of the nation’s infrastructure – everything from hospitals and water supplies to banks, police departments and transportation – in ways that could injure or even kill people.

“U.S. cybersecurity officials have long known that water facilities and other critical infrastructure have been vulnerable for many, many years,” a senior DHS official said on condition of anonymity. “What made this one different was that there was an intruder who consciously exploited that vulnerability with malicious intent.

Hospitals are devastating targets

In hospital hacks, patients could die or suffer life-threatening complications. But it would be nearly impossible to find out unless medical centers offered that information, said a senior Department of Homeland Security official.

Authorities suspect the problem may be larger than people have reported. This is due in part because private companies and even government agencies often don’t report ransomware hacks of their operational systems.

Failure to report such attacks fuels the fast-growing criminal market in ransomware attacks, which can bring hackers millions in payouts, the DHS official said, “and it doesn’t help us learn the latest techniques and tactics used by the hackers.”