Following these four best practices will not only empower you to defend against killware, but they will also help you defend against all other types of cyberattacks.

Brian Wrozek, CISO, Optiv Security

January 28, 2022

4 Min Read
Digital blue skeleton with key in foreground
marco salvarado via Alamy Stock

2021 was filled with high-profile ransomware attacks on businesses across industries -- some of which (e.g., the Colonial Pipeline attack) shut down entire markets and caused panic in parts of the US. As disruptive and destructive as these attacks were, the next wave of ransomware could be even more dangerous -- especially for the healthcare industry.

Like a virus, threat actors will continue to evolve and mutate the way they attack businesses to make the greatest profit. In “classic” ransomware attacks, bad actors encrypt a victim’s data and then force them to pay a ransom to have it unencrypted. But this evolved to cybercriminals forcing victims to pay a ransom not only to have their data unencrypted, but to prevent it from being publicly released or sold. Today, we’re beginning to see the third wave of ransomware -- killware.

Killware Puts the Healthcare Industry on High Alert

At a high level, killware is a ransomware attack that could result in physical harm, including loss of life, if a ransom isn’t paid. By raising the stakes in this way, cybercriminals are putting more pressure on victims to pay the ransom.

Hospitals and other healthcare organizations are increasingly at risk for these types of attacks, given system downtime of any kind -- even minutes -- could prevent critical patients from getting the treatment they need to survive. The world witnessed the detrimental consequences of killware in the attack on Springhill Medical Center in Alabama.

Additionally, medical equipment manufacturers and even individuals using internet-connected medical devices, such as insulin pumps or pacemakers, also are at risk. If cybercriminals hack into the WiFi networks or systems that these devices are connected to, they could potentially manipulate the data or even the way a device works, which could expose the personally identifiable information (PII) of millions of users or turn deadly in a worst-case scenario.

Fighting this New Threat with Good Security Hygiene

Regardless of industry, organizations need to take the proper precautions and practice good cybersecurity hygiene to defend against potential killware attacks. The good news is that most IT security teams hopefully will find that they are well on their way to a strong killware defense, as the strategies required to fight this new threat aren’t all that different from what organizations should be doing to protect against other types of cyberattacks.

Here are four best practices to keep in mind:

  1. Prioritize security basics -- they are the foundation of a strong cyber defense strategy. If an organization fails to master cybersecurity fundamentals, they will not only create gaping security holes for cybercriminals to exploit, but they won’t be able to effectively use more advanced security tools to bolster their defense strategy. That said, the first step to a strong killware defense strategy is to make sure basic security protocols, processes and controls are in place and working as they should -- things like multi-factor authentication, network segmentation, patching, systems updates and so on.

  2. Make application security part of the development process from the start. To eliminate those security holes, it’s important to build all applications, products and solutions -- including medical devices -- using a “security by design” model. This means building in security policies, controls and guardrails from the start, rather than adding controls after the fact.

  3. Implement and enforce threat modeling. Organizations can become so focused on getting a product out as quickly as possible, that they overlook the importance of determining how that product (or application, service or solution) could be attacked. Taking this perspective through threat modeling is important because it can identify areas of vulnerability and gaps in security that need to be addressed before a product goes to market.

  4. Develop and practice an incident response (IR) plan. The last thing any company wants if they do get hacked, is to be left scrambling to figure out what to do. This is why developing, documenting and practicing IR plans is so important. The ability to respond quickly with a pre-defined plan localizes the attack and minimizes the damage done.

Seeing the Big Picture

If successful killware attacks become too commonplace, it will generate attention from the US government as well as law enforcement entities, and they’ll be forced to respond. This is publicity that cybercriminals don’t want. They want to use killware for economic leverage, but, at the end of the day, they don’t want government scrutiny or to take lives, which I believe, is what will keep this threat at bay.

That said, one death is one too many, and organizations need to put the proper cybersecurity strategies in place to minimize the risk of a successful attack. Following these best practices will not only empower you to defend against killware, but all other types of cyberattacks as well -- enabling you to protect employees, customers, partners and other stakeholders in more ways than one.

About the Author(s)

Brian Wrozek

Brian Wrozek

CISO, Optiv Security

Brian Wrozek is a seasoned cybersecurity executive with more than 20 years of experience in IT and information security and management. As CISO at Optiv Security, Wrozek oversees all corporate security functions including cyber operations, incident response, vulnerability management and security governance activities.

See more from Brian Wrozek
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

NHL's Calgary Flames at New Jersey Devils on February 8, 2024 in Newark, NJ
IT Infrastructure
NHL, Presidio, and a Transformation Power Move with Hybrid CloudNHL, Presidio, and a Transformation Power Move with Hybrid Cloud
byJoao-Pierre S. Ruth
Apr 5, 2024
6 Min Read
Online Privacy Security Threat Abstract Background Art
Cyber Resilience
Cyber Risks When Job Hunters Become the HuntedCyber Risks When Job Hunters Become the Hunted
byCarrie Pallardy
Apr 9, 2024
9 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Hand charging an electric car, leaves and butterflies emerge from the cars exhaust, idea of sustainable transportation. Green energy, eco friendly
Sustainability
Sustainable Transportation Takes OffSustainable Transportation Takes Off
bySamuel Greengard
Mar 26, 2024
5 Min Read
Robotic hand takes a slice out of a coin, representing money
Machine Learning & AI
Special Report: What's Next for the GenAI Market in 2024?Special Report: What's Next for the GenAI Market in 2024
bySara Peters
Mar 12, 2024
3 Min Read
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now