Story image

Disruptionware emerges as newest and nastiest cyber threat

What’s being dubbed as ‘disruptionware’ is emerging as the newest and nastiest cybersecurity threat, according to new research.

Forescout and ICIT research has identified the rise of disruptionware and its threat to particularly operational technology environments.

The report published by the pair explores how the nature of cyber attacks is changing. For instance, while the traditional concept of malware damaging operations for monetary gain, a breed of attacks that are still very present, disruptionware is wreaking havoc in networked industrial control system (ICS) and operational technologies (OT) environments.

More specifically, manufacturers, transport firms and energy companies are most at risk as attackers are targeting industrial equipment to impact productivity.

The research examines the attack patterns targeting critical industry sectors including ransomware, disk-wiping malware and similarly disruptive malicious code.

It found that bad actors without extensive technology know-how are targeting industrial equipment with inadequate protection mechanisms to suspend operations, disrupt continuity and disseminate deliverables in order to target productivity rather than extract money for financial gain.

These low sophistication attacks are becoming increasingly consequential to the operator community, the report finds.

For instance, in March 2019 Norsk Hydro, one of the largest aluminum producers in the world, disclosed that some of their systems had been infected by LockerGoga ransomware, affecting their operations worldwide.

Norsk declined to pay the ransom and instead engaged its incident response procedures and reverted to backup and redundancy infrastructure but, nevertheless, a week after the attack it estimated its losses at $40 million despite reporting a full recovery.

“We see many of these challenges first-hand at Forescout because we support many of the worlds largest ICS and OT-dependent organisations,” commented Ryan Brichant, the company’s CTO for Critical Infrastructure, ICS and OT.

“Our team understands that in the world of pipelines, factories and power plants, digital hazards consist of much more than just malicious intruders any type of outage or disruption, even if due to false-positives or errors, still causes harm.

"But there is common ground that can be found under security and modernisation as these disruption-sensitive industries push toward new software and connectivity technologies," Brichant says.

The researchers also idenfitied what companies need to focus on to better protect themselves, including planning for and implementing security-by-design controls, developing an incident response plan, increasing device visibility across the converged IT/OT environment and segmenting networks.