Jackware: A new type of ransomware could be 10 times as dangerous

Jason Glassberg is co-founder of Casaba Security, a cybersecurity and ethical hacking firm that advises cryptocurrency businesses, traditional financial institutions, technology companies and Fortune 500s. He is a former cybersecurity executive for Ernst & Young and Lehman Brothers.

The ransomware crimewave — which has been pummeling businesses, cities, and police departments left and right for the last few years — hit a grim new milestone recently with the first high-profile attacks on U.S. critical infrastructure.

Between the attacks on Colonial Pipeline and JBS, which disrupted nearly half of the East Coast’s gasoline supply for a week and threatened 20% of the U.S. meat market, respectively, consumers are finally experiencing the first physical impacts to their daily lives from cyber attacks.

As bad as these attacks are, they could get a lot worse.

Cybercriminals are constantly evolving, and what is keeping many security professionals up at night is the growing risk of “jackware” — a new type of ransomware that could be 10 times more dangerous because, instead of encrypting Windows computers and servers, jackware hijacks the actual physical devices and machines that make modern life possible.

It’s only a matter of time before we see these attacks happen.

A few lines of code can disable a machine

Malware is generally something that only affects computers, but over the last 20 years, there has been a boom in the development of tiny computers that add connectivity and “smart” features to every type of machine and device you can imagine. 

These tiny computers are known as “embedded devices,” and they now play a key role in critical infrastructure, cars, mass transit, health care, office buildings, and even the home. And just like a desktop computer, embedded devices are also vulnerable to malware. 

However, the difference between hacking a computer and hacking an embedded device is that the latter has direct physical consequences.

The reason why jackware is so dangerous is that it can shut down these embedded devices, crippling the larger physical machine. That means cyber attacks would lead to even worse disruptions in critical services and supplies than what we’ve seen thus far with ransomware while also potentially causing permanent physical damage to these systems and even putting peoples’ lives in danger.

For instance, if malware disrupts an “electronic control unit” (ECU) in a car, it could cause the brakes to malfunction or prevent the engine from starting — effectively “bricking” the car. It could break a million-dollar MRI machine. It could cause a pipeline to shut down for months or trigger a fire or explosion at an electric substation. Subways may not run. Airplanes may not be able to take off. Even buildings can be sabotaged because they rely on automation systems to operate.

Not the first we're hearing of this

The alarm bells have been ringing for a long time on the cyber-sabotage threat of jackware.

The first notable incident of a physical malware attack was the 2010 disruption of Iran’s nuclear weapons program. This digital attack destroyed centrifuges and revealed the “kinetic” potential for cyber attacks.

Skip ahead to 2015, when hacking researchers for the first time hijacked the controls of a Jeep Cherokee as it drove on the highway. Later that same year and again the following winter, Russian hackers took down part of Ukraine’s electric grid through cyber warfare.

In 2016, the vulnerable state of IoT devices was widely exposed when the Mirai botnet took control of 600,000 of these devices.

One year later, in 2017, the first attack by weaponized ransomware (i.e., ransomware designed to destroy data instead of holding it for ransom) was launched against Ukraine by Russian hackers. The malware, called NotPetya, soon spread around the world, causing at least hundreds of millions of dollars in global damages as it disrupted major companies like Maersk and FedEx (FDX), as well as hospitals and more.

MRI and X-ray machines were widely infected by spyware in 2018 as part of a sophisticated cyber-espionage operation.

Earlier this year, Microsoft (MSFT) issued a warning about a major rise in firmware attacks on companies.

And even more alarming is the recent update to the TrickBot trojan — a popular platform for ransomware hackers. This new update allows the malware to attack a computer’s BIOS or UEFI firmware, which could be used to remotely brick that device.

Four attack scenarios

Just as ransomware is equal-opportunity malware that will target any company and industry, the same is also true of jackware — which could have devastating consequences.

All major industries are now heavily reliant on embedded devices, as is the consumer market, which is seeing an explosion in IoT devices for the home (IP security cameras, smart door locks, smart appliances, etc.) and health and fitness, as well as a burgeoning wearables market and “connected” cars.

While the most alarming threat we face from jackware is a cyberwar-style attack by a nation-state, which could use this malware to cause far-reaching disruptions and threaten lives, this scenario is not as likely to happen because of the geopolitical consequences. (Although we could see one-off attacks periodically from state-sponsored groups that target specific companies — similar to how Iran destroyed $40 million worth of IT equipment at Las Vegas Sands Corp. (LVS) in 2014 after its CEO criticized the regime.)

The more realistic scenario is an attack by criminal or politically motivated hacker groups, ranging from traditional ransomware-as-a-service (RaaS) hackers and other organized crime groups to hacktivists and terrorists. These groups could pull off any number of attacks on a variety of industries in the future.

Here are four scenarios that are most likely to happen in the coming years:

1. Crippling a major company

We’ve already seen how disruptive traditional ransomware can be, simply by encrypting front-end office IT systems. However, these attacks would pale in comparison to the damage, costs, and downtime that could be created by a jackware infection of physical processes and machinery.

These attacks would be worse because they would bring operations to a complete standstill, equipment could be permanently damaged, physical injuries could occur, and removing the malware would be more difficult than it is with a traditional IT system.

The biggest risk is to manufacturers, processing plants, electric and water utilities, oil and gas companies, and shipping.

2. The forced update attack

For several years, hackers have increasingly targeted software vendors and supply chains — like SolarWinds and Magecart — as a way of hacking numerous victims by only having to breach a single company.

This tactic could also be used with jackware. If hackers breach an IoT manufacturer, they could potentially use that access to push malicious firmware updates to that company’s products. This is a threat that needs to be taken seriously, as it could have an enormous impact.

For instance, if hackers breached a car maker or dealership, they could potentially “brick” hundreds or even thousands of vehicles at one time by forcing the cars to install jackware.

Similarly, they could disrupt home thermostats, security systems, smart appliances, fitness devices — or any other consumer IoT product and wearable — by forcing those devices to install the malware.

An even greater concern, however, is that this attack could reach critical industries. The industrial Internet of Things (or IIoT), such as connected sensors, is widely used throughout many important industries, like manufacturing and energy. By disabling those devices, an attacker could cause significant disruptions.

3. Hijacking mass transit

Criminal hackers have already proven how easy it is for them to breach public transportation agencies.

In recent years, they’ve also used ransomware to disrupt services in Fort Worth, San Francisco, Vancouver, and other cities, and even hit Cleveland’s airport in 2019.

Hackers could use these same methods to inflict even greater damage if they can infect the actual vehicle systems with jackware. All mass transit systems today — from buses to trains, subways, and airplanes — rely on some level of embedded devices to manage important functions. And they will become increasingly autonomous in the years ahead. By encrypting these embedded devices, an attacker could render the vehicle inoperable.

4. Infecting medical devices

Since the pandemic began, hospitals have been heavily targeted with ransomware. These cyber attacks have been highly disruptive, but in most cases they haven’t interfered with actual medical treatments.

That will change with jackware.

Medical devices like MRIs, X-rays, ventilators, etc., often run on outdated software and firmware with unpatched vulnerabilities. Hospitals also frequently fail to isolate these devices from the main network, leaving them exposed to cyber attacks.

Once jackware becomes more widely available in the criminal underworld, it will be easy for hackers to breach a hospital’s main network and push jackware to life-saving medical equipment. This would bring all treatments to a standstill and put patients’ lives at risk.

A persistent threat

Unfortunately, cyber threats aren’t going away anytime soon.

And the problem is going to get worse before it gets better.

These attacks will continue because it is easy for hackers to find insecure companies and exploit them. The U.S. government will have a hard time stopping them because any time you eliminate one hacking group, five more are ready to take its place.

What this means for the average person is that you should start preparing for occasional disruptions in your daily life, from supplies at the grocery store to energy, water, banking services, and any connected device you rely on.

Investors also need to be wary about the effect these attacks could have on stocks, IPOs, long-term corporate values, and the cryptocurrency market.
