Discerning Data

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

Disruptionware III: Protect Your Business from a Disruptionware Cyber Attack

In the first blog in this series, we defined “Disruptionware” and showed how it was growing as a threat to many types of industries throughout the country and the world. The threat was especially noticeable within the healthcare industry and for government institutions. In our second blog, we talked about the different types of tools and attack matrixes that Disruptionware uses to cripple and/or damage unsuspecting businesses and how destructive those attacks can be. This third and final discussion will delineate what businesses can do to defend themselves against a Disruptionware attack and what cyber defenses are at their disposal to alleviate the damages caused by this new and dangerous attack medium.

When considering potential cyber defenses to an attack, it is important to remember what Disruptionware is capable of from an offensive standpoint. One should think of Disruptionware as a large “toolbox” of cyber-attack tools, and in that toolbox a number of potent weapons are available to a cyber-criminal, including:

  • Ransomware,
  • Wipers,
  • Bricking Capabilities,
  • Automated Component attacks,
  • Data Exfiltration tools, and
  • Network Reconnaissance tools.

The Institute for Critical Infrastructure Technology (ICIT) was one of the first cybersecurity think tanks to conduct a “deep dive” into the dangers of Disruptionware. As ICIT describes, Disruptionware is a concept designed to do more than just “ransom” someone’s data. Rather, Disruptionware is a category of malware “designed to suspend operations within a victim organization through the compromise of the availability, integrity, and confidentiality of the systems, networks, and data belonging to the target.” The attacker uses Disruptionware to literally disrupt the actual operations and production in manufacturing and industrial environments or to “achieve some other strategic goal.”

A number of defenses are available for victim businesses to prevent or even defeat a Disruptionware attack. These include:

  • Creating multiple redundancies and backup systems to restore data if attacked. These backup systems should not be attached or connected to a main network or they could be lost as well.
  • Ensuring that up-to-date and well-tested Incident Response and Business Continuity Plans are in place. Updating these plans and ensuring that these plans are tested at regular intervals are essential.
  • Conducting regular tabletop exercises that include participation by C-Suite Executives, facility and operation managers, IT managers, and legal teams.
  • Making sure networks already fully encrypt both data at rest and data in motion.
  • Checking with the business’ cyber insurance company to verify whether existing policies cover ransomware attacks.

It is also important when preparing a defense to any cyber-attack, especially one as dangerous as Disruptionware, that the business monitor and assess its network capabilities and vulnerabilities. At a minimum, this entails both inventorying network assets and increasing network visibility, so that IT personnel are able to move quickly should a Disruptionware attack occur. Perhaps most importantly, the business should monitor and audit all user accounts for unusual network traffic and user activities so that it can investigate and act as quickly as possible.

Finally, the business should practice strong “cyber-hygiene.” Some important steps that a business can take immediately to defend its network from all types of cyber-attacks include:

  • Regularly patching systems and having a viable patch-management system
  • Disabling macro scripts
  • Limiting unnecessary Internet exposure
  • Disabling secure Server Message Block (Port 445)
  • Disabling Remote Desktop Protocol
  • Managing and securing third-party Service Level Agreement access to the network and using effective security auditing
  • Training employees to recognize and avoid phishing emails
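
A read-only PowerShell audit of three items from the list above (SMB on TCP 445, Remote Desktop, and Office macro policy), added here as an example and not taken from the original post. It assumes a Windows host with the built-in SmbShare and NetTCPIP modules, an elevated session, and Office 2016 or later (policy hive `16.0`); the `$findings` variable name is illustrative.

```powershell
# Added example: reports settings only, changes nothing on the host.
$findings = [System.Collections.Generic.List[string]]::new()

# SMB: flag the legacy SMBv1 dialect and any listener on TCP 445.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    $findings.Add('SMBv1 server protocol is enabled')
}
$listen445 = Get-NetTCPConnection -State Listen -LocalPort 445 -ErrorAction SilentlyContinue
if ($listen445) {
    $addrs = ($listen445.LocalAddress | Sort-Object -Unique) -join ', '
    $findings.Add("TCP 445 (SMB) is listening on: $addrs")
}

# RDP: fDenyTSConnections = 0 means Remote Desktop connections are accepted.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
if ($deny -eq 0) {
    $findings.Add('Remote Desktop is enabled (fDenyTSConnections = 0)')
}

# Office macros: VBAWarnings policy for the current user.
# 1 = enable all, 2 = disable with notification,
# 3 = disable except digitally signed, 4 = disable all without notification.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $val = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    if ($null -eq $val) {
        $findings.Add("${app}: no macro policy set, users choose their own setting")
    }
    elseif ($val -lt 3) {
        $findings.Add("${app}: macro policy VBAWarnings = $val lets users run unsigned macros")
    }
}

if ($findings.Count -eq 0) {
    'No findings for SMB, RDP, or Office macro policy.'
}
else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

A host that legitimately serves files or accepts remote administration will report the SMB or RDP findings; treat them as an inventory of where those services still run, to be matched against the systems that are supposed to offer them.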

Disruptionware will be changing the face of many cyber-attacks for the foreseeable future. For the reasons given throughout this blog series, Disruptionware represents a powerful and dangerous new form of cyber-attack, especially to the unprepared, as it is fundamentally designed to destroy a company’s physical infrastructure and data — not just to hold the data for ransom. The best way to defeat a Disruptionware attack is to begin preparing for it today.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

About the Author: Jason G. Weiss

Jason G. Weiss leverages a past career as a cybersecurity and computer forensics Supervisory Special Agent with more than 22 years of decorated service at the FBI to guide clients through the complex and high-stakes issues associated with cybersecurity incident preparedness and response and compliance. View Jason's full bio on the Faegre Drinker website.

May 27, 2020
Written by: Jason G. Weiss
Category: Disruptionware, Privacy
