Disruptionware: preparing for new age cyber attacks

ManageEngine

Thursday, 19 May, 2022


Disruptionware: preparing for new age cyber attacks

Cyber attacks continue to increase in both frequency and impact, as attackers use more sophisticated and dangerous methods. One of the most common types of attack uses ransomware, with the Australian Cyber Security Centre recording a 15 per cent increase in ransomware cybercrime reports in the 2020–21 financial year.1

Ransomware is just the top of the cybercriminal iceberg. It is now easier than ever for anyone to launch an attack on an organisation, even without high-level computer knowledge. However, more sophisticated and savvy cyber attackers are instead moving on to a new weapon in their arsenal to wreak havoc on government departments: disruptionware.

Disruptionware is a whole new class of cyberthreat that aims to sabotage critical networks and operations, which makes it exceptionally damaging for government departments. And, as it grows in popularity among cybercriminals, it’s developing into a significant cyberthreat that is considerably more malicious than other types of malware, such as ransomware. Unlike ransomware, which is designed to encrypt files on a device and render them unusable until a ransom is paid in exchange for decryption, disruptionware instead targets its victims’ information and operational technology networks. This means it attacks the integrity of data, systems, and networks along with the physical infrastructure that allows a network to operate.

Disruptionware has gained more significance since the outset of the pandemic because of the shift to remote working environments for government departments and online access for critical systems and support networks. It is a significant concern not only for the safety of citizen and government data but also for the security of critical systems. Disruptionware can bring essential services to a standstill and lead to widespread chaos and disruption, in some cases potentially even causing physical damage to citizens.

Government departments must pay close attention to this emerging threat. It cannot be reversed like ransomware because the goal is not to receive a ransom but to destroy and disrupt, and it can completely cripple networks. This makes it a particularly insidious form of attack.

Measures government departments can take to decrease the risk of disruptionware

Government departments can take steps to prevent these types of attacks or limit their impact. Combating disruptionware requires departments to not only ensure their baseline cybersecurity measures are strong and up-to-date, but to implement some additional measures as well. These include:

  1. Implement a strong backup system that includes storing multiple iterations of data both on-premises and in the cloud. Departments must also ensure they airgap their backups.
  2. Assemble an internal team or a specialised outsourced services team that can monitor for unauthorised access attempts into critical networks with a detailed incident response plan to help fast-track necessary action.
  3. Identify assets and ascertain the criticality of data stored on them. Prioritise protection of critical data and assets.
  4. Leverage security analytics or security information and event management solutions that detect adversarial techniques, such as phishing, drive-by downloads, and brute-force attacks, that malicious actors rely on for obtaining initial access into a network.
  5. Set up patch management routines to keep security up-to-date.
  6. Use threat intelligence feeds that can secure against emerging threats.

It is also vital for government departments to create human firewalls to help prevent cyber attacks like disruptionware. This idea focuses on educating people on the effects of cyber attacks and the importance of prioritising positive defensive habits, reframing attitudes around cybersecurity, and establishing best practices.

Disruptionware takes the consequences of a cyber attack well beyond costly downtime. Recovering from a disruptionware attack can be complex since it involves getting the adversary out of the department’s operational technology. Even if government departments can do this, the attacker may have already done too much collateral damage to recover from. This is why prevention is always better than cure, especially when it comes to disruptionware attacks.

The consequences of disruptionware will be catastrophic if no preventative measures are taken ahead of time. It’s essential that government departments devise and implement an effective response plan that will help to minimise the negative effects of a disruptionware attack and ultimately help them continue to serve constituents securely and effectively.

Reference
1 https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-2020-21.

Image credit: ©stock.adobe.com/au/chinnarach

Related Articles

Building secure AI: a critical guardrail for Australian policymakers

While AI has the potential to significantly enhance Australia's national security, economic...

Building security‍-‍centric AI: why it is key to the government's AI ambitions

As government agencies test the waters of AI, public sector leaders must consider how they can...

State government agencies still struggling with securing user access

Audit reports have shown that Australian government agencies in four states experience challenges...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd