Parasitic malware, which seeks to steal processing power, has traditionally targeted computers and mobile devices. In the coming years, this type of malware will evolve to target more powerful, industrial sources of processing power such as Industrial Control Systems (ICS), cloud infrastructures, critical national infrastructure (CNI) and the IoT. The malware’s primary goal will be to feast on processing power, remaining undetected for as long as possible. Services will be significantly disrupted, becoming entirely unresponsive as they have the life sucked out of them.
At the Information Security Forum, we anticipate that unprepared organizations will have a wide, and often unmonitored, attack surface that can be targeted by parasitic malware. They will see infected devices constantly running at full capacity, raising electricity costs and compromising functionality. Systems will degrade, in some cases leading to unexpected failure that halts critical services.
Every organization will be susceptible to parasitic malware. However, environments with high power consumption (such as power stations, water and waste treatment plants and data centers) and those reliant on industrial IoT (such as computerized warehouses, automated factories and smart cities) will become enticing targets for malicious attackers as high-power consumption tends to mask the energy usage of parasitic malware.
What is the Justification for This Threat?
ICS, combined with the increased adoption of IoT devices with greater processing power, will provide new and irresistible targets for parasitic malware. Additionally, smart cities have a high degree of digital adoption and, according to ISACA’s 2018 Smart City survey, are particularly susceptible to malware.
‘Cryptojacking’ is a particularly popular strain of parasitic malware. It is installed on devices and steals processing power in order to illegally mine cryptocurrency. There has been a spectacular growth in cases of cryptojacking on computers and mobile devices and that this form of malware is taking over from ransomware as the most prevalent type of malware. Botnets, which also feast on processing power, are continuing to grow in scale and have already proved to have detrimental impacts on infected devices.
Parasitic malware infections on computers and other devices have already proven to generate significant costs to business. Their consumption of computational resources can cause business-critical systems to slow down or stop functioning entirely with compromised machines even infecting other network-connected devices. Parasitic malware can also exploit often overlooked security holes in a company’s network. Organizations infected with parasitic malware are also likely to be vulnerable to other exploits and attacks, such as ransomware.
Given the significant power consumption of ICS and its relatively weak security, lack of monitoring and poor patching regimes, it will become the next frontier for parasitic malware. ICS environments often rely on older hardware and low-bandwidth networks. Consequently, even a slight increase in load could leave them unresponsive. Early 2018 saw the first documented cryptojacking malware attack on an ICS network, targeting a water utility in Europe. The attack was detected by chance before the network was compromised. However, it is just a matter of time before there is a successful attack and CNI is impacted by a serious infection.
Cloud infrastructure will also be a target for parasitic malware because it offers an attack surface with large amounts of processing power in an environment where computer resource consumption is difficult to monitor. In February 2018, Tesla found a strain of parasitic malware mining Monero on its AWS cloud servers. Although there was no major impact in this particular case, it indicates the potential for such malware to affect cloud environments.
How Can Your Organization Prepare?
Organizations should start implementing suitable controls to protect against parasitic malware holistically across the business, including areas that have ICS, IoT and cloud deployments.
About the author: Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.
Source: infosec island