Malware is becoming a major threat in our lives. At least once a week, there is some news article about how some kind of malware did this or that, or how important it is that users learn how to protect themselves from these kinds of threats.
Encrypted files, stolen bank details, data breaches, these are all the things mentioned whenever someone talks about about how malware could affect someone. But are those consequences really that dire? Could being infected with malware really be that serious? The harsh reality is that it could affect anyone, and it could have very serious outcomes, possibly even put someone’s life in danger.
Affects on healthcare services
Something we have especially seen with the recent wide-spread malware attacks, WannaCry and NotPetya, is the affect malware could have on healthcare services.
Healthcare in general has been a target of malware, primarily ransomware, for a while now. You might think that it is one thing to encrypt some pictures or documents of an individual user but it is another to target services that deal with life-threatening situations every day, and even cyber crooks would not stoop so low. Right? Sadly, this does not really matter to them. These kinds of targets are the ones who are most likely to pay, and they pay large sums of money. Because what other choice do they have.
So, when an attack happens, hackers lock entire systems, preventing victims from using their computers. If the victim was a hospital, healthcare workers would then be unable to access various patient documents, and would not be able to operate some of their medical equipment. So what does that mean for patients? Ingram Micro Advisor very nicely summarizes how a healthcare service being affected by ransomware could have some very unpleasant outcomes.
A major issue healthcare workers would have to deal with is locked patient records and medical history. If a certain patient’s medical history is inaccessible and he/she is not conscious and there is no other person capable of giving that kind of information, medical workers would have no way of knowing crucial things, like whether the patient is allergic to some kind of medication, or whether they have a serious illness. This could cause serious delays in treatment, and even bring about very dangerous situations.
In addition, some medical devices are operated using a computer. If the computer is no longer functional, the device cannot be used. And if it is a device that does important tests, for example, it could cause delays in diagnosing, which would cause delays in treatments.
Vulnerabilities in pacemakers
Pacemakers are these devices that help the heart beat more regularly, when it usually beats too fast or too slow. They are an essential part of the daily lives of many people. And just a couple of days ago, US Department of Homeland Security’s CERT (Cyber Emergency Response Team) issued a report, warning that MedSec Holdings have identified vulnerabilities in pacemakers made by Abbott Laboratories.
“Successful exploitation of these vulnerabilities may allow a nearby attacker to gain unauthorized access to a pacemaker and issue commands, change settings, or otherwise interfere with the intended function of the pacemaker,” the report states.
It does sound a bit more serious than it actually is, as the attacker would have to have very advanced skills and get very close to the victim, but nevertheless, the possibility is there.
Hacking smart devices
Back in July, US’s Federal Bureau of Investigation (FBI) issued a warning to parents about Internet of Things toys that could present privacy concerns for kids. They advise that parents consider cyber security before buying Internet connected toys as not all of them are secure. The modern smart toy would contain microphones, sensors, cameras, and even GPS options. They also store data and transfer it to the manufacturer of the toy.
If your child has had a smart toy for a while, the chances are that there is a lot of information about your him/her stored somewhere. Do you know how secure the data transfers are? Or what measures are taken to ensure that data is protected? It does not even need to be said how dangerous it would be if the wrong people got hold of that information. They could have access to photos, audio recordings, and even the location of your child. It could also be turned into a spying device that could record sensitive conversations.
Perhaps one of the more widespread concerns is the possibility of hacking a smart car. The smarter the car gets, the more vulnerable it is to hacks, and car manufactures need to make sure that they implement the most up-to-date security measures. And if they do not, we could be looking at a future where cars can be taken over by hackers, which could lead to some very dangerous consequences, in this case not even an awesome motor trade insurance could save us.
Internet connected things will become part of out everyday lives eventually, and it will probably make the lives of a lot of people easier. But the security risks that this kind of technology presents need to be taken very seriously, so that all those doomsday scenarios do not become a reality.
How ransomware led to suicide
Everyone will probably have heard of ransomware, the malware that encrypts files and then demands that victims pay to get them back. And not everyone is willing to pay, whether they have backup or do not think it is worth it. Taking that into account, ransomware developers oftentimes use scare tactics in order to pressure victims to pay. It is not rare to see ransomware pretending to be from some kind of law enforcement agency, and claiming that the victim has violated a law and thus, needs to pay a fine in order to avoid prison. If you commit a crime, you’re probably not going to get off by simply paying a fine so it is rather obvious that those kinds of notes are the result of you getting your computer infected, and not of you committing a crime. But if someone who has never even heard of ransomware encounters a message saying they need to pay or they could go to prison for 15 years, they would panic. And when we panic, we make some questionable decisions.
Back in 2014, a Romanian newspaper reported that a man committed suicide with his 4-year old son as a result of a ransomware infection. The man in question, a 34- year old Romanian citizen, reportedly got his computer infected with ransomware when he was visiting an adult website. The screen-locking ransomware displayed a message saying that the man could be facing 11 years in prison if he did not pay 70 000 lei (around $18000 or €15000). The people behind that ransomware pretended to be from the police so that the victim is pressured to pay but in this case, it led to suicide.
So far, there are very little cases where malware led to someone’s life being put in danger. And hopefully, if people take care of their cyber security, it will stay that way.