Blended threat

A blended threat (also known as a blended attack^[1]) is a software exploit that involves a combination of attacks against different vulnerabilities. Blended threats can be any software that exploits techniques to attack and propagate threats, for example worms, trojan horses, and computer viruses.

Description

Complex threats consist of two or more attacks, such as multiple attacks of the same kind. Examples of complex threats include a series of coordinated physical hostilities, such as the Paris terrorist attacks in 2015 or a combination of threats such as a cyberattack and a distinct physical attack, which may be coordinated.^[2]

In more recent years ^[when?], cyber attacks have demonstrated increased ability to impact physical systems, such as Stuxnet, Triton^[3] or Trisis^[4] malware, and have caused ransomware attacks such as WannaCry^[5] and Netwalker^[6] By recognizing computer system threats occur from potential physical hazards, the term "blended threat" has also been defined as a natural, accidental, or purposeful physical or virtual danger that has the potential for crossover impacts or to harm life, information, operations, environment, and property.^[7][8] This is an adaptation based on terminology from the 2010 US Department of Homeland Security's Risk Lexicon.^[9]

Illustrating how rapidly and dangerously this can play out, Sarah Coble (writing in Infosecurity Mag on 12 June 2020 reported,^[10] that "the life of Jessica Hatch, a Houston business owner, was “threatened after cyber-criminals hacked into her company’s social media account and posted racist messages". The founder and CEO of Infinity Diagnostics Center said that her company’s Instagram account was compromised… by an unknown malicious hacker. After gaining access to the account, the threat actor uploaded multiple stories designed to paint Hatch and her business as racist.” In this post "Blended Threats: Protests! Hacking? Death Threats!?!", Gate 15 highlighted that risk management processes need to account for our complex and blended threat environment.^[11] On 6 September 2020, the Argentina's official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossing into and out of the country.^[12] Blended threats, in the form of a cyber attack, have evolved to cause a loss of life. On 10 September 2020, German authorities say a hacker attack caused the failure of IT systems at the University Hospital Düsseldorf (UKD) Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.^[13] On 27 June 2023, Avertium published an article on patient death related to ransomware attacks. The article also mentions the most active ransomware groups; Royal, BlackCat, and Medusa. Royal is a fairly new ransomware group and was initially observed in early 2022. MedusaLocker employs phishing and spam email campaigns to infiltrate victim networks, attaching the ransomware directly to the emails. ^[14]

According to The Guardian, in a worst-case scenario, crackers could potentially carry out "cyber-physical attacks by turning satellite antennas into weapons that can operate like microwave ovens."^[15][16][17]

On September 10, 2019 the Cyber Threat Alliance (CTA) released a new joint analysis^[18] product titled "The Illicit Cryptocurrency Threat" that said illicit cryptocurrency mining had overtaken ransomware as the biggest cyber threat to businesses. The CTA said mining attacks had become one of the most common attacks their client's encounter.^[19]

Blended threats may also compromise healthcare systems, many of which need an Internet connection to operate, as do numerous other medical devices such as pacemakers, making the latter part of the Internet of Things (IoT) a growing network of connected devices, which are potentially vulnerable to a cyber attack. By 2020, threats had already been reported in medical devices. Recently, a crucial flaw in 500,000 pacemakers that could expose users to an attack had been discovered. Additionally, security researchers revealed a chain of vulnerabilities in one brand of pacemaker that an attacker could exploit to control implanted pacemakers remotely and cause physical harm to patients.^[20]

On July 16, 2019 a mother delivered her baby at the Springhill Medical Center in Mobile Alabama. The mother, Kidd, wasn’t informed Springhill was struggling with a cyberattack when she went in to deliver her daughter, and doctors and nurses then missed a number of key tests that would have shown that the umbilical cord was wrapped around the baby's neck, leading to brain damage and death nine months later.^[21]

On February 5, 2021 unidentified cyber actors accessed the supervisory control and data acquisition (SCADA) system of a drinking water treatment plant in Oldsmar, Florida. Once the system was accessed, the intruders manipulated the level of sodium hydroxide, also known as lye or caustic soda, from a setting of 100 parts per mission to 11,100 parts per million. At high levels, sodium hydroxide can severely damage human tissue. It is the main ingredient in liquid drain cleaners, but at low levels is used to control water acidity and remove metals from drinking water.^[22]

On May 7, 2021 Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The ransomware attack crippled delivery of about 3 million barrels of fuel per day between Texas and New York. The attack caused fuel shortages up and down the East Coast of the United States.

On May 30, 2021 meat supplier JBS suffered a ransomware attack. All JBS-owned beef facilities in the United States were rendered temporarily inoperative. The attack caused a spillover effect into the farming and restaurant industries.

On September 21, 2021 Iowa-based provider of agriculture services NEW Cooperative Inc. was hit by a ransomware attack forcing it to take its systems offline. The BlackMatter group that is behind the attack has put forth a $5.9 million ransom demand. NEW Cooperative Inc., a farming cooperative, said the attack could significantly impact the public supply of grain, pork, and chicken if it cannot bring its systems back online.^[23]

On October 26, 2021 Schreiber Foods, a Wisconsin based milk distributor, was victimized by hackers demanding a rumored $2.5 million ransom to unlock their computer systems. Wisconsin milk handlers and haulers reported getting calls from Schreiber on Saturday (Oct. 23) saying that the company’s computer systems were down and that their plants couldn’t take the milk that had been contracted to go there. Haulers and schedulers were forced to find alternate homes for milk.^[24]

On April 28, 2022 St. Vincent Hospital’s in Worcester in Massachusetts was the victim of a cyberattack which sent wait times in the emergency room skyrocketing, with some patients saying they were unable to see a doctor. St. Vincent Hospital’s statement reads: “Tenet, our parent company, experienced a cybersecurity incident last week and responded with extensive protection protocols to safeguard its systems and prevent further unauthorized activity. During the temporary disruption, Saint Vincent Hospital continued to care for our community utilizing established backup processes. At this time, our critical applications have been restored and we are resuming normal operations. In parallel, Tenet launched an investigation, which is ongoing, and is taking additional measures to protect patient, employee and other data. We are grateful to our physicians, nurses and staff for continuing to provide safe, quality patient care while we work to address this matter.” ^[25]

The aviation sector has also been affected by disruptions due to cyber attacks. Flights with popular Indian budget airline SpiceJet were disrupted by the cyber attack on May 25 2022. It is unclear which ransomware operation may have attacked SpiceJet, and no details have been shared as to the extent of damage it may have caused.^[26]

On September 8, 2022 Ponemon Institute, a Washington, D.C., think tank, interviewed more than 600 information technology professionals across more than 100 health care facilities. Its findings are some of the most concrete evidence to date that the steady drumbeat of hackers attacking American medical centers leads to patients’ receiving worse care and being more likely to die. According Brett Callow, an analyst at the ransomware company Emsisoftto, there have been at least 12 ransomware attacks on health care facilities in the U.S. this year, but because some health care companies represent multiple locations, those attacks accounted for 56 different facilities, he said.^[27]

On December 3, 2022 two power substations in North Carolina were damaged by gunfire. The subsequent power outages left at least 40,000 customers without electricity and rendered wastewater pumps out of order across the area. A curfew was instated and schools were closed. ^[28]

See also

• Timeline of computer viruses and worms
• Comparison of computer viruses
• List of trojan horses

References

1. Chien, Ször, Eric, Péter (2002). "Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses" (PDF). Virus Bulletin: 35 – via Symantec Security Response.
2. "Blended Threats: Understanding an Evolving Threat Environment". Retrieved 2020-02-08.
3. "Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure". FireEye. Retrieved 2018-02-02.
4. "TRISIS - Analyzing Safety System Targeted Malware". dragos.com. 14 December 2017. Retrieved 2018-02-02.
5. Lab, Kaspersky. "WannaCry: What you need to know". www.kaspersky.com. Retrieved 2018-02-03.
6. "NetWalker Ransomware - What You Need to Know". The State of Security. 2020-05-28. Retrieved 2020-09-09.
7. "Blended Threats: Understanding an Evolving Threat Environment". gate15.global. Retrieved 2018-02-02.
8. "Blended Threats (update 1.1.): Understanding an Evolving Threat Environment". gate15.global. Retrieved 2018-03-01.
9. "DHS Risk Lexicon". Department of Homeland Security. 2009-07-06. Retrieved 2018-02-02.
10. Coble, Sarah (2020-06-12). "Business Owner Receives Death Threats After Racist Hack". Infosecurity Magazine. Retrieved 2020-06-23.
11. "Blended Threats: Protests! Hacking? Death Threats!?!". gate15.global. Retrieved 2020-06-23.
12. "Blended Threats: That Time When Ransomware Shut Down Border Security…". Retrieved 2020-09-09.
13. "Blended Threats: When Ransomware Kills…". Retrieved 2020-09-18.
14. "How Ransomware Has Caused Patient Deaths in Healthcare". www.avertium.com. Retrieved 2023-06-30.
15. "Ruben Santamarta (@reversemode) | Twitter". twitter.com. Retrieved 2018-08-13.
16. "Black Hat USA 2018". www.blackhat.com. Retrieved 2018-08-13.
17. Hern, Alex (2018-08-09). "Hacked satellite systems could launch microwave-like attacks, expert warns". the Guardian. Retrieved 2018-08-13.
18. "CTA Joint Analysis On Securing Edge Devices". 30 April 2019. Retrieved 2020-04-24.
19. "They're Drinking Your Milkshake: CTA's Joint Analysis on Illicit Cryptocurrency Mining". Cyber Threat Alliance. 2018-09-19. Retrieved 2020-02-08.
20. "Blended Threats: Understanding an Evolving Threat Environment". Retrieved 2020-02-08.
21. Collier, Kevin. "Baby died because of ransomware attack on hospital, suit says". NBC News. Retrieved 2021-10-27.
22. "Blended Threats: Did Florida's Cyber Attack Whet Your Appetite for Better Preparedness and Security?". Retrieved 2021-03-02.
23. Sharma, Ax (2021-09-21). "$5.9 million ransomware attack on farming co-op may cause food shortage". Ars Technica. Retrieved 2021-09-22.
24. Shepel, Jan. "Schreiber Foods hit with cyberattack; plants closed". Wisconsin State Farmer. Retrieved 2021-10-27.
25. "Cyber Attack At St. Vincent Hospital In Worcester Hospital Causes Long Delays In Emergency Room". 2022-04-28. Retrieved 2022-04-29.
26. "Airline passengers left stranded after ransomware attack". Hot for Security. Retrieved 2022-06-09.
27. "Cyberattacks against U.S. hospitals mean higher mortality rates, study finds". NBC News. Retrieved 2022-09-09.
28. "Mass power outage in North Carolina caused by gunfire, repairs could take days". www.cbsnews.com. Retrieved 2022-12-05.

External links

• McAfee whitepaper on blended threats[1]