Disruptionware: a new cyber threat that targets critical infrastructure


While ransomware has been on the rise in the last few years, disruptionware is the latest emerging cyber threat that people should be wary of.

Disruptionware is a cyber attack that can wreak havoc on critical infrastructure, particularly that of government agencies, as it not only disrupts the availability, integrity and confidentiality of data, systems and networks, but can also shut down essential business operations.

This type of cyber attack targets the information technology (IT) and operational technology (OT) networks of an organisation, aiming at the victim's physical infrastructure, networks, systems, data, and ability to operate.

Because of the way disruptionware sabotages critical networks and operations, it is considered to be more destructive than malware and ransomware attacks, which usually target only systems and networks.

One example of the damage disruptionware can cause is the cyber attack on the US Colonial Pipeline in May 2021. According to multiple news sources, the major gasoline pipeline was shut down by a strategically delivered disruptionware attack by a Russian cyber-criminal group called “Darkside”.

While the initial attack was a ransomware attack, the hackers were able to use the malware introduced into the pipeline’s control systems to shut down the pipeline’s IT and OT networks.  

The attack forced Colonial Pipeline to shut down its systems for several days, affecting consumers and airlines all over the East Coast. This caused gas shortages as people panic-bought fuel.

This incident showed that disruptionware can bring essential services to a standstill, and can potentially lead to widespread chaos and disruption.  

Aside from this, disruptionware becomes even more of a threat to government due to the shift towards remote working and increased reliance on digital technologies. 

Government organisations should be aware of and vigilant towards this emerging threat, and should take steps to prevent the attack or limit the damage it can cause to critical systems.

Aside from taking steps to upgrade cyber security systems to guard against disruptionware, such as securing IT and OT networks, organisations can also set up a strong backup system for their data, both on-premises and in the cloud.

Identifying critical data and assets is also important, as is prioritising their protection by having a team that can monitor any unauthorised access to critical networks. A detailed incident response plan should also be established to guide the necessary action should there be an attack.

Employees should also be educated on the effects of these cyber attacks and taught how to protect their data through defensive cyber habits. 

Unlike ransomware, recovering from a disruptionware attack is difficult and usually involves a lot of collateral damage. Because of this, preventative measures should be taken ahead of time by organisations in order to reduce the negative effects of such cyber attacks.