This article needs additional citations for verification. (January 2018) (Learn how and when to remove this template message)
A blended threat (also known as a blended attack) is a software exploit which in turn involves a combination of attacks against different vulnerabilities. For example, many worm, a trojan horse and a computer virus exploit multiple techniques to attack and propagate. It is a kind of computer threat.
Blended Threats are combination of worms, trojan, virus, and other kinds of malware.
In more recent years, as cyberattacks have demonstrated increased ability to impact physical systems, such as Stuxnet and Triton / Trisis malware, or the 2017 ransomware outbreaks, such as WannaCry, and further recognizing the threats to cyber systems that exist from potential physical hazards, the term blended threat has also been defined as a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property. This is an adaptation based on terminology from the 2010 US Department of Homeland Security's Risk Lexicon.
Symantec further elaborated on the idea of blended threats in a blog post noting, "As the malware begins to become contained, a natural disaster hits the region. As people in need of help flood into medical centers, researchers discover additional concerns inside the malware’s code. This type of attack is known as a “blended threat” – a natural, accidental, or purposeful combination of a physical with a cyber incident." That post describes private-sector infrastructure preparedness activities focused on blended threats, including those planned for the healthcare sector and for higher education.
Further adding to the idea of what types of crossover incidents can be considered blended threats, in August 2018, Oracle wrote a post on observed incidents that include a number of good examples. One example there is, "At approximately 20:00 GMT on July 2, the Internet Intelligence Map Country Statistics view showed a decline in the traceroute completion ratio and DNS query rate for Azerbaijan, related to a widespread blackout. These metrics gradually recovered over the next day. Published reports (Reuters, Washington Post) noted that the blackout was due to an explosion at a hydropower station, following an overload of the electrical system due to increased use of air conditioners, driven by a heat wave that saw temperatures exceed 100° F." Another: "Just a day later, Tropical Storm Maria caused an islandwide power outage in Guam, which disrupted Internet service on the island for several hours." Again, "Venezuela experienced a large power failure that left most of the capital city of Caracas without electricity, which caused a disruption in Internet connectivity as well. As shown in the figure below, both the traceroute and DNS metrics saw minor declines at around 13:00 GMT." Read more in the cited article.
At Black Hat 2018, Ruben Santamarta (@reversemode) provided another example of cyber-physical threats was demonstrated. The Guardian summarized, "The satellite communications that ships, planes and the military use to connect to the internet are vulnerable to hackers that, in the worst-case scenario, could carry out 'cyber-physical attacks', turning satellite antennas into weapons that operate, essentially, like microwave ovens."
- Chien, Ször, Eric, Péter (2002). "Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses" (PDF). Virus Bulletin: 35 – via Symantec Security Response.
- "Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure". FireEye. Retrieved 2018-02-02.
- "TRISIS - Analyzing Safety System Targeted Malware". dragos.com. Retrieved 2018-02-02.
- Lab, Kaspersky. "WannaCry: What you need to know". www.kaspersky.com. Retrieved 2018-02-03.
- "Blended Threats: Understanding an Evolving Threat Environment". gate15.global. Retrieved 2018-02-02.
- "Blended Threats (update 1.1.): Understanding an Evolving Threat Environment". gate15.global. Retrieved 2018-03-01.
- "DHS Risk Lexicon". Department of Homeland Security. 2009-07-06. Retrieved 2018-02-02.
- "Surge in Blended Attacks Stirs New Cyber Worries". Retrieved 2018-08-07.
- "Blended Threats Exercise Series - NH-ISAC EVENTS". NH-ISAC EVENTS. Retrieved 2018-08-07.
- "Workshops". REN-ISAC. Retrieved 2018-08-07.
- Belson, David. "Last Month In Internet Intelligence: July 2018". Retrieved 2018-08-13.
- "Black Hat USA 2018". www.blackhat.com. Retrieved 2018-08-13.
- "Ruben Santamarta (@reversemode) | Twitter". twitter.com. Retrieved 2018-08-13.
- Hern, Alex (2018-08-09). "Hacked satellite systems could launch microwave-like attacks, expert warns". the Guardian. Retrieved 2018-08-13.