Blended threat

A blended threat (also known as a blended attack [1]) is a software exploit that involves a combination of attacks against different vulnerabilities. Blended threats can be any software that exploits techniques to attack and propagate threats, for example worms, trojan horses, and computer viruses.

Description

Complex threats consist of two or more attacks, such as multiple attacks of the same kind. Examples of complex threats include a series of coordinated physical hostilities, such as the Paris terrorist attacks in 2015 or a combination of threats such as a cyberattack and a distinct physical attack, which may be coordinated. [2]

In more recent years, cyber attacks have demonstrated an increased ability to affect physical systems, as with the Stuxnet, Triton [3] or Trisis [4] malware, and have included ransomware attacks such as WannaCry [5] and Netwalker. [6] Recognizing that threats to computer systems can also arise from physical hazards, the term "blended threat" has also been defined as a natural, accidental, or purposeful physical or virtual danger that has the potential for crossover impacts or to harm life, information, operations, environment, and property. [7] [8] This is an adaptation of terminology from the 2010 US Department of Homeland Security Risk Lexicon. [9]

Illustrating how rapidly and dangerously this can play out, Sarah Coble, writing in Infosecurity Magazine on 12 June 2020, reported [10] that "the life of Jessica Hatch, a Houston business owner, was 'threatened after cyber-criminals hacked into her company's social media account and posted racist messages'. The founder and CEO of Infinity Diagnostics Center said that her company's Instagram account was compromised… by an unknown malicious hacker. After gaining access to the account, the threat actor uploaded multiple stories designed to paint Hatch and her business as racist." In the post "Blended Threats: Protests! Hacking? Death Threats!?!", Gate 15 highlighted that risk management processes need to account for our complex and blended threat environment. [11] On 6 September 2020, Argentina's official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossings into and out of the country. [12] Blended threats, in the form of cyber attacks, have evolved to the point of causing loss of life. On 10 September 2020, German authorities said that a hacker attack had caused the failure of IT systems at the University Hospital Düsseldorf (UKD), and a woman who needed urgent admission died after she had to be taken to another city for treatment. [13] On 27 June 2023, Avertium published an article on patient deaths related to ransomware attacks. The article also names the most active ransomware groups: Royal, BlackCat, and Medusa. Royal is a fairly new ransomware group, first observed in early 2022. MedusaLocker employs phishing and spam email campaigns to infiltrate victim networks, attaching the ransomware directly to the emails. [14]

According to The Guardian, in a worst-case scenario, crackers could potentially carry out "cyber-physical attacks by turning satellite antennas into weapons that can operate like microwave ovens." [15] [16] [17]

On September 10, 2019 the Cyber Threat Alliance (CTA) released a new joint analysis [18] product titled "The Illicit Cryptocurrency Threat", which said that illicit cryptocurrency mining had overtaken ransomware as the biggest cyber threat to businesses. The CTA said mining attacks had become one of the most common attacks their clients encounter. [19]

Blended threats may also compromise healthcare systems, many of which need an Internet connection to operate, as do numerous other medical devices such as pacemakers. This makes such devices part of the Internet of Things (IoT), a growing network of connected devices that are potentially vulnerable to cyber attack. By 2020, threats had already been reported in medical devices. Recently, a crucial flaw in 500,000 pacemakers that could expose users to an attack had been discovered. Additionally, security researchers revealed a chain of vulnerabilities in one brand of pacemaker that an attacker could exploit to control implanted pacemakers remotely and cause physical harm to patients. [20]

On July 16, 2019 a mother delivered her baby at the Springhill Medical Center in Mobile, Alabama. The mother, Kidd, was not informed that Springhill was struggling with a cyberattack when she went in to deliver her daughter, and doctors and nurses then missed a number of key tests that would have shown that the umbilical cord was wrapped around the baby's neck, leading to brain damage and death nine months later. [21]

On February 5, 2021 unidentified cyber actors accessed the supervisory control and data acquisition (SCADA) system of a drinking water treatment plant in Oldsmar, Florida. Once the system was accessed, the intruders changed the level of sodium hydroxide, also known as lye or caustic soda, from a setting of 100 parts per million to 11,100 parts per million. At high levels, sodium hydroxide can severely damage human tissue. It is the main ingredient in liquid drain cleaners, but at low levels it is used to control water acidity and remove metals from drinking water. [22]

On May 7, 2021 Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The ransomware attack crippled delivery of about 3 million barrels of fuel per day between Texas and New York. The attack caused fuel shortages up and down the East Coast of the United States.

On May 30, 2021 meat supplier JBS suffered a ransomware attack. All JBS-owned beef facilities in the United States were rendered temporarily inoperative. The attack caused a spillover effect into the farming and restaurant industries.

On September 21, 2021 NEW Cooperative Inc., an Iowa-based provider of agriculture services, was hit by a ransomware attack that forced it to take its systems offline. The BlackMatter group behind the attack put forth a $5.9 million ransom demand. NEW Cooperative Inc., a farming cooperative, said the attack could significantly impact the public supply of grain, pork, and chicken if it could not bring its systems back online. [23]

On October 26, 2021 Schreiber Foods, a Wisconsin-based milk distributor, was victimized by hackers demanding a rumored $2.5 million ransom to unlock its computer systems. Wisconsin milk handlers and haulers reported getting calls from Schreiber on Saturday (Oct. 23) saying that the company's computer systems were down and that its plants could not take the milk that had been contracted to go there. Haulers and schedulers were forced to find alternate homes for the milk. [24]

On April 28, 2022 St. Vincent Hospital in Worcester, Massachusetts was the victim of a cyberattack which sent wait times in the emergency room skyrocketing, with some patients saying they were unable to see a doctor. St. Vincent Hospital's statement reads: "Tenet, our parent company, experienced a cybersecurity incident last week and responded with extensive protection protocols to safeguard its systems and prevent further unauthorized activity. During the temporary disruption, Saint Vincent Hospital continued to care for our community utilizing established backup processes. At this time, our critical applications have been restored and we are resuming normal operations. In parallel, Tenet launched an investigation, which is ongoing, and is taking additional measures to protect patient, employee and other data. We are grateful to our physicians, nurses and staff for continuing to provide safe, quality patient care while we work to address this matter." [25]

The aviation sector has also been affected by disruptions due to cyber attacks. Flights of the popular Indian budget airline SpiceJet were disrupted by a cyber attack on May 25, 2022. It is unclear which ransomware operation may have attacked SpiceJet, and no details have been shared as to the extent of the damage it may have caused. [26]

On September 8, 2022 the Ponemon Institute, a Washington, D.C., think tank, reported on interviews with more than 600 information technology professionals across more than 100 health care facilities. Its findings are some of the most concrete evidence to date that the steady drumbeat of hackers attacking American medical centers leads to patients receiving worse care and being more likely to die. According to Brett Callow, an analyst at the ransomware company Emsisoft, there had been at least 12 ransomware attacks on health care facilities in the U.S. that year, but because some health care companies represent multiple locations, those attacks accounted for 56 different facilities. [27]

On December 3, 2022 two power substations in North Carolina were damaged by gunfire. The subsequent power outages left at least 40,000 customers without electricity and rendered wastewater pumps out of order across the area. A curfew was imposed and schools were closed. [28]

References

  1. Chien, Eric; Ször, Péter (2002). "Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses" (PDF). Virus Bulletin: 35. Archived from the original (PDF) on July 27, 2004 via Symantec Security Response.
  2. "Blended Threats: Understanding an Evolving Threat Environment". Retrieved 2020-02-08.
  3. "Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure". FireEye. Retrieved 2018-02-02.
  4. "TRISIS - Analyzing Safety System Targeted Malware". dragos.com. 14 December 2017. Retrieved 2018-02-02.
  5. Kaspersky Lab (15 May 2017). "WannaCry: What you need to know". www.kaspersky.com. Retrieved 2018-02-03.
  6. "NetWalker Ransomware - What You Need to Know". The State of Security. 2020-05-28. Retrieved 2020-09-09.
  7. "Blended Threats: Understanding an Evolving Threat Environment". gate15.global. Retrieved 2018-02-02.
  8. "Blended Threats (update 1.1.): Understanding an Evolving Threat Environment". gate15.global. Retrieved 2018-03-01.
  9. "DHS Risk Lexicon". Department of Homeland Security. 2009-07-06. Retrieved 2018-02-02.
  10. Coble, Sarah (2020-06-12). "Business Owner Receives Death Threats After Racist Hack". Infosecurity Magazine. Retrieved 2020-06-23.
  11. "Blended Threats: Protests! Hacking? Death Threats!?!". gate15.global. Retrieved 2020-06-23.
  12. "Blended Threats: That Time When Ransomware Shut Down Border Security…". Retrieved 2020-09-09.
  13. "Blended Threats: When Ransomware Kills…". Retrieved 2020-09-18.
  14. "How Ransomware Has Caused Patient Deaths in Healthcare". www.avertium.com. Retrieved 2023-06-30.
  15. "Ruben Santamarta (@reversemode) | Twitter". twitter.com. Retrieved 2018-08-13.
  16. "Black Hat USA 2018". www.blackhat.com. Retrieved 2018-08-13.
  17. Hern, Alex (2018-08-09). "Hacked satellite systems could launch microwave-like attacks, expert warns". the Guardian. Retrieved 2018-08-13.
  18. "CTA Joint Analysis On Securing Edge Devices". 30 April 2019. Retrieved 2020-04-24.
  19. "They're Drinking Your Milkshake: CTA's Joint Analysis on Illicit Cryptocurrency Mining". Cyber Threat Alliance. 2018-09-19. Retrieved 2020-02-08.
  20. "Blended Threats: Understanding an Evolving Threat Environment". Retrieved 2020-02-08.
  21. Collier, Kevin (30 September 2021). "Baby died because of ransomware attack on hospital, suit says". NBC News. Retrieved 2021-10-27.
  22. "Blended Threats: Did Florida's Cyber Attack Whet Your Appetite for Better Preparedness and Security?". Retrieved 2021-03-02.
  23. Sharma, Ax (2021-09-21). "$5.9 million ransomware attack on farming co-op may cause food shortage". Ars Technica. Retrieved 2021-09-22.
  24. Shepel, Jan. "Schreiber Foods hit with cyberattack; plants closed". Wisconsin State Farmer. Retrieved 2021-10-27.
  25. "Cyber Attack At St. Vincent Hospital In Worcester Hospital Causes Long Delays In Emergency Room". 2022-04-28. Retrieved 2022-04-29.
  26. "Airline passengers left stranded after ransomware attack". Hot for Security. Retrieved 2022-06-09.
  27. "Cyberattacks against U.S. hospitals mean higher mortality rates, study finds". NBC News. 8 September 2022. Retrieved 2022-09-09.
  28. "Mass power outage in North Carolina caused by gunfire, repairs could take days". www.cbsnews.com. 5 December 2022. Retrieved 2022-12-05.