GUEST ESSAY: Introducing ‘killware’ — malware designed to contaminate, disrupt critical services

By Jack Chapman

Within the past year, we have seen a glut of ransomware attacks that made global news as they stymied the operations of many. In May, the infamous Colonial Pipeline ransomware attack disrupted nationwide fuel supply to most of the U.S. East Coast for six days.

But the danger has moved up a notch with a new, grave threat: killware.

Killware is a type of malware deployed to cause physical harm: contaminate community water supplies, exploit and obstruct networks used by hospitals and healthcare facilities, jam air traffic control networks, contaminate gasoline supplies, and, in some instances, deliberately cause death where and when it is least expected.

Earlier in the year, there was an attempted hack of a water treatment facility in Oldsmar, Florida. This attack, however, was not for financial gain; it was intended to inflict harm.

Alejandro Nicholas Mayorkas, the U.S. Secretary of Homeland Security, told USA Today that the attack “was intended to distribute contaminated water to residents, and that should have gripped our entire country.”

Protecting critical infrastructure

This is an alarming development. However, it is not entirely unexpected. Malware, including ransomware, is a fast-growing criminal market. It is therefore not surprising to see the rise of something even more detrimental, such as killware attacks.

The U.S. government is taking the threat of cyberattacks seriously, proposing new legislation requiring critical infrastructure owners to report attacks to the Cybersecurity and Infrastructure Agency (CISA) to enable the government to better understand the threat.

This is an important step, but it is also up to organizations to ensure they have the right technology and security protocols to defend themselves. Sadly, I expect that we will begin to see a growing number of headlines about killware as these attacks become more widespread.

While the entire threat of killware is new, regulators and enforcers responded with salient advice focused on water systems and on spear phishing as a viable way for bad actors to gain access for killware attacks.

Spear phishing gateway

Federal regulators and enforcement agencies share a concern about water and wastewater systems. In mid-October, a joint advisory resulted from analytic efforts by the Federal Bureau of Investigation (FBI), CISA, the Environmental Protection Agency (EPA), and the National Security Agency (NSA) to highlight ongoing malicious cyber activity by both known and unknown actors.

This includes the targeting of information technology (IT) and operational technology (OT) networks (hardware and software that monitors or controls equipment, assets and processes), systems, and devices of the U.S. water and wastewater systems.

The advisory cautioned that when organizations integrate IT with OT systems, attackers can gain purposeful or inadvertent access to OT assets after the IT network has been compromised through spear phishing and other techniques.

For any firm, this is serious business. It has drawn attention to OT—connected devices that are also linked to networks—as a vulnerable spot for hackers to exploit.


The joint threat advisory mentions “spear phishing” as a gateway through which malware can be launched. The advisory described spear phishing as “one of the most prevalent techniques used for initial access to IT networks.” Threat actors send emails that get through email filtering controls, and personnel may then open the malicious attachments or links in them, executing the malware.

Therefore, cybersecurity efforts must be militant in preventing such entry. To effectively prevent spear phishing, organizations should look to intelligent technology.

Solutions that use natural language processing (NLP) and a zero-trust approach are able to detect even the most advanced attacks before they reach an employee’s inbox. By putting in place measures to prevent one of the most prevalent means of access for attacks, organizations can better protect themselves and their employees from hackers.

About the essayist: Jack Chapman is the Vice President of Threat Intelligence at Egress, a UK-headquartered international software company that provides intelligent email security services designed to mitigate phishing and prevent data loss.
