What is killware and how does it work?

Is killware as scary as it sounds? The short answer is a resounding “yes” because killware is a totally different beast.

Killware has upped the stakes higher than ever before! It makes futuristic doomsday Hollywood scenarios a reality (at least to some degree). This is because the end goal isn’t about making money; it’s about causing chaos.

These attackers could be rogue nation-states, hackers with something to prove, or just about anyone looking to create social unrest and maybe even worse. For example, ransomware has been blamed for a hospital death. As such, killware attacks now pose a serious threat to the healthcare industry, financial institutions, the oil and gas industry, government agencies, and (unfortunately) many more.

What is killware?

Killware is an overarching term that describes a type of malware used to cause physical damage or even death. While other types of cyberattacks are defined by their method (for example, spear-phishing attacks), killware is determined by the end result. This can include the use of multiple techniques, including ransomware, to achieve its goal.

The difference between malware, ransomware, and killware is how you use it. For example, while ransomware encrypts data and holds it to ransom, threat actors can use the same method to lock a hospital’s systems down and put people’s lives in danger.

As such, the U.S. Department of Homeland Security (DHS) designated killware as an emerging threat that’s much worse than your typical ransomware. According to Gartner, threat actors will routinely weaponize operational environments to intentionally cause harm or even death within the next four years.

According to the DHS, potential killware targets include:

  • Aviation
  • Banks
  • Emergency response systems
  • Food and necessity supply chains
  • Hospitals
  • Oil and gas
  • Power grids
  • Police and fire departments
  • Transportation infrastructure
  • Water supplies

As you can see from the above, we now consider any networked community resource at risk of a killware attack. However, it doesn’t stop there as some emerging “smart” technologies can also be added to the list—for example, IoT-connected smart thermostats and self-driving vehicles.

These attacks can also take place at scale against one target or an entire population. As almost every aspect of our lives is digitized, the fallout from a killware attack can be significant.

Example of a successful killware attack

Security experts consider the recent attack on the water treatment facility in Oldsmar, Florida, to be a killware attack. In this case, threat actors breached the plant’s systems and increased the level of sodium hydroxide in the water to levels that far exceeded the safe limit.

The level of sodium hydroxide was at more than a hundred times the safe limit and considered lethal. The good news is that an operator quickly identified and responded to it in time. Without intervention, a community of 15,000 people was at risk of receiving lethally contaminated water in their homes and workplaces.

However, there may not have been any malware involved in this attack. There is no evidence of a spear-phishing campaign, no evidence of spyware, and no initial breach with lateral movement. The main culprit in this incident was probably reused passwords across the entire water treatment facility.

How do you defend against killware?

Killware is definitely cyber warfare. This makes it vital for all government entities and the private sector to practice good cybersecurity hygiene. This means following best practices, keeping track of the latest cybersecurity trends, providing regular staff security training, and leveraging the latest cutting-edge security technology to mitigate risk.

Killware risk mitigation tips:

  • Always use multifactor authentication (MFA)
  • Always use strong passwords
  • Encrypt all your sensitive data
  • Enforce a zero-trust policy
  • Hire ethical hackers for penetration testing
  • Partner with an established cloud security services provider
