Blended threat

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

A blended threat (also known as a blended attack[1]) is a software exploit that involves a combination of attacks against different vulnerabilities. Blended threats can be any software that exploits techniques to attack and propagate threats, for example worms, trojan horses, and computer viruses.


Complex threats consist of two or more attacks, such as multiple attacks of the same kind. Examples of complex threats include a series of coordinated physical hostilities, such as the Paris terrorist attacks in 2015 or a combination of threats such as a cyberattack and a distinct physical attack, which may be coordinated.[2]

In more recent years[when?], cyber attacks have demonstrated increased ability to impact physical systems, such as Stuxnet, Triton[3] or Trisis[4] malware, and have caused ransomware attacks such as WannaCry[5] and Netwalker[6] By recognizing computer system threats occur from potential physical hazards, the term "blended threat" has also been defined as a natural, accidental, or purposeful physical or virtual danger that has the potential for crossover impacts or to harm life, information, operations, environment, and property.[7][8] This is an adaptation based on terminology from the 2010 US Department of Homeland Security's Risk Lexicon.[9]

Illustrating how rapidly and dangerously this can play out, Sarah Coble (writing in Infosecurity Mag on 12 June 2020 reported,[10] that "the life of Jessica Hatch, a Houston business owner, was “threatened after cyber-criminals hacked into her company’s social media account and posted racist messages". The founder and CEO of Infinity Diagnostics Center said that her company’s Instagram account was compromised… by an unknown malicious hacker. After gaining access to the account, the threat actor uploaded multiple stories designed to paint Hatch and her business as racist.” In this post "Blended Threats: Protests! Hacking? Death Threats!?!", Gate 15 highlighted that risk management processes need to account for our complex and blended threat environment.[11] On 06 September 2020, the Argentina's official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossing into and out of the country.[12] Blended threats, in the form of a cyber attack, have evolved to cause a loss of life. On 10 September 2020, German authorities say a hacker attack caused the failure of IT systems at the University Hospital Düsseldorf (UKD) Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.[13]

According to The Guardian, in a worst-case scenario, crackers could potentially carry out "cyber-physical attacks by turning satellite antennas into weapons that can operate like microwave ovens."[14][15][16]

On September 10, 2019, the Cyber Threat Alliance (CTA) released a new joint analysis[17] product titled "The Illicit Cryptocurrency Threat" that said illicit cryptocurrency mining had overtaken ransomware as the biggest cyber threat to businesses. The CTA said mining attacks had become one of the most common attacks their client's encounter.[18]

Blended threats may also compromise healthcare systems, many of which need an Internet connection to operate, as do numerous other medical devices such as pacemakers, making the latter part of the Internet of Things (IoT) a growing network of connected devices, which are potentially vulnerable to a cyber attack. By 2020, threats had already been reported in medical devices. Recently, a crucial flaw in 500,000 pacemakers that could expose users to an attack had been discovered. Additionally, security researchers revealed a chain of vulnerabilities in one brand of pacemaker that an attacker could exploit to control implanted pacemakers remotely and cause physical harm to patients.[19]

See also[edit]


  1. ^ Chien, Ször, Eric, Péter (2002). "Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses" (PDF). Virus Bulletin: 35 – via Symantec Security Response.
  2. ^ "Blended Threats: Understanding an Evolving Threat Environment". Retrieved 2020-02-08.
  3. ^ "Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure". FireEye. Retrieved 2018-02-02.
  4. ^ "TRISIS - Analyzing Safety System Targeted Malware". Retrieved 2018-02-02.
  5. ^ Lab, Kaspersky. "WannaCry: What you need to know". Retrieved 2018-02-03.
  6. ^ "NetWalker Ransomware - What You Need to Know". The State of Security. 2020-05-28. Retrieved 2020-09-09.
  7. ^ "Blended Threats: Understanding an Evolving Threat Environment". Retrieved 2018-02-02.
  8. ^ "Blended Threats (update 1.1.): Understanding an Evolving Threat Environment". Retrieved 2018-03-01.
  9. ^ "DHS Risk Lexicon". Department of Homeland Security. 2009-07-06. Retrieved 2018-02-02.
  10. ^ Coble, Sarah (2020-06-12). "Business Owner Receives Death Threats After Racist Hack". Infosecurity Magazine. Retrieved 2020-06-23.
  11. ^ "Blended Threats: Protests! Hacking? Death Threats!?!". Retrieved 2020-06-23.
  12. ^ "Blended Threats: That Time When Ransomware Shut Down Border Security…". Retrieved 2020-09-09.
  13. ^ "Blended Threats: When Ransomware Kills…". Retrieved 2020-09-18.
  14. ^ "Ruben Santamarta (@reversemode) | Twitter". Retrieved 2018-08-13.
  15. ^ "Black Hat USA 2018". Retrieved 2018-08-13.
  16. ^ Hern, Alex (2018-08-09). "Hacked satellite systems could launch microwave-like attacks, expert warns". the Guardian. Retrieved 2018-08-13.
  17. ^ "CTA Joint Analysis On Securing Edge Devices". Retrieved 2020-04-24.
  18. ^ "They're Drinking Your Milkshake: CTA's Joint Analysis on Illicit Cryptocurrency Mining". Cyber Threat Alliance. 2018-09-19. Retrieved 2020-02-08.
  19. ^ "Blended Threats: Understanding an Evolving Threat Environment". Retrieved 2020-02-08.

External links[edit]