Blended threat

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

A blended threat (also known as a blended attack[1]) is a software exploit that involves a combination of attacks against different vulnerabilities. Blended threats can be any software that exploits techniques to attack and propagate threats, for example worms, trojan horses, and computer viruses.


Complex threats consist of two or more attacks, such as multiple attacks of the same kind. Examples of complex threats include a series of coordinated physical hostilities, such as the Paris terrorist attacks in 2015 or a combination of threats such as a cyberattack and a distinct physical attack, which may be coordinated.[2]

In more recent years[when?], cyber attacks have demonstrated increased ability to impact physical systems, such as Stuxnet, Triton[3] or Trisis[4] malware, and have caused ransomware attacks such as WannaCry[5] and Netwalker[6] By recognizing computer system threats occur from potential physical hazards, the term "blended threat" has also been defined as a natural, accidental, or purposeful physical or virtual danger that has the potential for crossover impacts or to harm life, information, operations, environment, and property.[7][8] This is an adaptation based on terminology from the 2010 US Department of Homeland Security's Risk Lexicon.[9]

Illustrating how rapidly and dangerously this can play out, Sarah Coble (writing in Infosecurity Mag on 12 June 2020 reported,[10] that "the life of Jessica Hatch, a Houston business owner, was “threatened after cyber-criminals hacked into her company’s social media account and posted racist messages". The founder and CEO of Infinity Diagnostics Center said that her company’s Instagram account was compromised… by an unknown malicious hacker. After gaining access to the account, the threat actor uploaded multiple stories designed to paint Hatch and her business as racist.” In this post "Blended Threats: Protests! Hacking? Death Threats!?!", Gate 15 highlighted that risk management processes need to account for our complex and blended threat environment.[11] On 06 September 2020, the Argentina's official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossing into and out of the country.[12] Blended threats, in the form of a cyber attack, have evolved to cause a loss of life. On 10 September 2020, German authorities say a hacker attack caused the failure of IT systems at the University Hospital Düsseldorf (UKD) Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.[13]

According to The Guardian, in a worst-case scenario, crackers could potentially carry out "cyber-physical attacks by turning satellite antennas into weapons that can operate like microwave ovens."[14][15][16]

On September 10, 2019, the Cyber Threat Alliance (CTA) released a new joint analysis[17] product titled "The Illicit Cryptocurrency Threat" that said illicit cryptocurrency mining had overtaken ransomware as the biggest cyber threat to businesses. The CTA said mining attacks had become one of the most common attacks their client's encounter.[18]

Blended threats may also compromise healthcare systems, many of which need an Internet connection to operate, as do numerous other medical devices such as pacemakers, making the latter part of the Internet of Things (IoT) a growing network of connected devices, which are potentially vulnerable to a cyber attack. By 2020, threats had already been reported in medical devices. Recently, a crucial flaw in 500,000 pacemakers that could expose users to an attack had been discovered. Additionally, security researchers revealed a chain of vulnerabilities in one brand of pacemaker that an attacker could exploit to control implanted pacemakers remotely and cause physical harm to patients.[19]

On 16 July 2019, a mother delivered her baby at the Springhill Medical Center in Mobile Alabama. The mother, Kidd, wasn’t informed Springhill was struggling with a cyberattack when she went in to deliver her daughter, and doctors and nurses then missed a number of key tests that would have shown that the umbilical cord was wrapped around the baby's neck, leading to brain damage and death nine months later.[20]

On February 05, 2021 unidentified cyber actors accessed the supervisory control and data acquisition (SCADA) system of a drinking water treatment plant in Oldsmar, Florida. Once the system was accessed, the intruders manipulated the level of sodium hydroxide, also known as lye or caustic soda, from a setting of 100 parts per mission to 11,100 parts per million. At high levels, sodium hydroxide can severely damage human tissue. It is the main ingredient in liquid drain cleaners, but at low levels is used to control water acidity and remove metals from drinking water. [21]

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The ransomware attack crippled delivery of about 3 million barrels of fuel per day between Texas and New York. The attack caused fuel shortages up and down the East Coast of the United States.

On May 30, 2021, meat supplier JBS suffered a ransomware attack. All JBS-owned beef facilities in the United States were rendered temporarily inoperative.The attack caused a spillover effect into the farming and restaurant industries.

On 21 September, 2021, Iowa-based provider of agriculture services NEW Cooperative Inc. was hit by a ransomware attack forcing it to take its systems offline. The BlackMatter group that is behind the attack has put forth a $5.9 million ransom demand. NEW Cooperative Inc., a farming cooperative, said the attack could significantly impact the public supply of grain, pork, and chicken if it cannot bring its systems back online.[22]

On 26 October 2021 Schreiber Foods, a Wisconsin based milk distributor, was victimized by hackers demanding a rumored $2.5 million ransom to unlock their computer systems. Wisconsin milk handlers and haulers reported getting calls from Schreiber on Saturday (Oct. 23) saying that the company’s computer systems were down and that their plants couldn’t take the milk that had been contracted to go there. Haulers and schedulers were forced to find alternate homes for milk. [23]

See also[edit]


  1. ^ Chien, Ször, Eric, Péter (2002). "Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses" (PDF). Virus Bulletin: 35 – via Symantec Security Response.
  2. ^ "Blended Threats: Understanding an Evolving Threat Environment". Retrieved 2020-02-08.
  3. ^ "Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure". FireEye. Retrieved 2018-02-02.
  4. ^ "TRISIS - Analyzing Safety System Targeted Malware". Retrieved 2018-02-02.
  5. ^ Lab, Kaspersky. "WannaCry: What you need to know". Retrieved 2018-02-03.
  6. ^ "NetWalker Ransomware - What You Need to Know". The State of Security. 2020-05-28. Retrieved 2020-09-09.
  7. ^ "Blended Threats: Understanding an Evolving Threat Environment". Retrieved 2018-02-02.
  8. ^ "Blended Threats (update 1.1.): Understanding an Evolving Threat Environment". Retrieved 2018-03-01.
  9. ^ "DHS Risk Lexicon". Department of Homeland Security. 2009-07-06. Retrieved 2018-02-02.
  10. ^ Coble, Sarah (2020-06-12). "Business Owner Receives Death Threats After Racist Hack". Infosecurity Magazine. Retrieved 2020-06-23.
  11. ^ "Blended Threats: Protests! Hacking? Death Threats!?!". Retrieved 2020-06-23.
  12. ^ "Blended Threats: That Time When Ransomware Shut Down Border Security…". Retrieved 2020-09-09.
  13. ^ "Blended Threats: When Ransomware Kills…". Retrieved 2020-09-18.
  14. ^ "Ruben Santamarta (@reversemode) | Twitter". Retrieved 2018-08-13.
  15. ^ "Black Hat USA 2018". Retrieved 2018-08-13.
  16. ^ Hern, Alex (2018-08-09). "Hacked satellite systems could launch microwave-like attacks, expert warns". the Guardian. Retrieved 2018-08-13.
  17. ^ "CTA Joint Analysis On Securing Edge Devices". Retrieved 2020-04-24.
  18. ^ "They're Drinking Your Milkshake: CTA's Joint Analysis on Illicit Cryptocurrency Mining". Cyber Threat Alliance. 2018-09-19. Retrieved 2020-02-08.
  19. ^ "Blended Threats: Understanding an Evolving Threat Environment". Retrieved 2020-02-08.
  20. ^ cybersecurity, Kevin CollierKevin Collier is a reporter covering; privacy; News, technology policy for NBC. "Baby died because of ransomware attack on hospital, suit says". NBC News. Retrieved 2021-10-27.
  21. ^ "Blended Threats: Did Florida's Cyber Attack Whet Your Appetite for Better Preparedness and Security?". Retrieved 2021-03-02.
  22. ^ Sharma, Ax (2021-09-21). "$5.9 million ransomware attack on farming co-op may cause food shortage". Ars Technica. Retrieved 2021-09-22.
  23. ^ Shepel, Jan. "Schreiber Foods hit with cyberattack; plants closed". Wisconsin State Farmer. Retrieved 2021-10-27.

External links[edit]