Complex Threats: Ransomware, Hurricanes, Murder, Defacements, Bots, and Blackouts… ?

Over the course of this year, our team has shared a number of posts regarding blended and complex threats. As we see more occurrences and updates relating to these areas, we like to occasionally point out how such threats can manifest themselves in our current threat environment. What follows is a little background and excerpts from several recent articles relating to Complex Threats.

“If there’s a really big cyber event, like a breach, there will be physical ramifications. We’re going to get a lot of press and a lot of calls and have to deal with that. The divide is no longer clear.” – Kim Milford, Executive Director, REN-ISAC, in an interview with EdTech, 18 Oct 2018

In a recent post we explained blended and complex threats. We’ve defined blended threats as natural, accidental, or purposeful physical or cyber dangers that have or indicate the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.

A key distinction of blended threats is the above noted crossover component – one attack, with crossover effects. What we mean by crossover is a threat the originates in one domain (say cyber or natural hazard) and that has impacts across to another domain (say physical infrastructure or network capabilities). That is different than complex threats.

A key distinction of blended threats is the crossover component – one attack, with crossover effects; a threat that originates in one domain and that has impacts across to another domain

Complex threats would be two or more separate attacks aimed at the same general or specific target(s) or objective(s). Complex attacks could be multiple attacks of one kind – say hostile events aimed at a specific series of targets as seen in the Paris terrorist attacks in 2015 – or they could be, for example, something involving both a cyberattack and a separate physical activity, that may or may not be coordinated efforts. Not unlike Mike Tyson’s legendary hook-uppercut combo, complex threats have the potential for catastrophic effects.


As Nature Attacks, Cybercriminals Pounce

Threat Post: “In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack.” 16 Oct 2018, by Lindsey O’Donnell, @LindseyOD123. “A ‘critical water utility’ has been targeted in a recent ransomware attack, significantly impeding its ability to provide service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a ‘sophisticated ransomware attack… has left the utility with limited computer capabilities.’ While customer data was not compromised as part of the attack, the lack of computing ability will impact the timeliness of service from ONWASA ‘for several weeks to come.’ ‘We are in the middle of another disaster following Hurricane Florence and tropical storm Michael,’ CEO Jeff Hudson said in a video posted on Facebook, speaking to employees on the matter. ‘With a very sophisticated attack they penetrated our defenses, just as they penetrated the city of Atlanta and Mecklenburg county.’” Read more.

Murder and Geopolitics Supported by Bots

BBC: “Khashoggi: Bots feed Saudi support after disappearance.” 18 Oct 2018, by Chris Bell and Alistair Coleman, @BBC. “Suspected bot accounts are attempting to shape the social media narrative following the disappearance of Saudi journalist Jamal Khashoggi. Arabic hashtags expressing support for de facto Saudi leader Crown Prince Mohammed Bin Salman, condemning news organisation Al Jazeera and urging users to ‘unfollow enemies of the nation’were among those amplified by the involvement of bot networks alongside genuine users. Twitter has suspended a number of bot accounts.” Read more.

Frustrated by an IRL Murder, Hacktivists Send a Message

Motherboard: “Hackers Allegedly Alter ‘Davos in the Desert’ Site to Show Image of Murdered Journalist Jamal Khashoggi.” 22 Oct 2018, by Joseph Cox, @josephfcox. “The fallout from Saudi Arabia’s killing of a Washington Post columnist continues. On Monday, hackers appeared to briefly deface the website of ‘Davos in the Desert,’ Saudi Arabia’s Future Investment Initiative, and uploaded an image of murdered journalist Jamal Khashoggi and the Saudi Crown Prince Mohammed bin Salman. ‘For the sake of security for children worldwide, we urge all countries to put sanction on the Saudi regime,’ a message underneath the image read, according to screenshots shared bymultiple reportersand analysts on Twitter. At the time of writing, the website is offline.” (it came back up shortly after) Read more.

Not unlike Mike Tyson’s legendary hook-uppercut combo, complex threats have the potential for catastrophic effects.

Attacking Appliances to Spark Physical Blackouts

PYMNTS: “Hackers Target IoT-Enabled Appliances To Spark Blackouts.” 18 Oct 2018, by @pymnts. “A new study has found that hackers can use appliances that are connected via the Internet of Things (IoT) to set off widespread blackouts. The data from a Princeton University study found that hackers are able to take control of washing machines, refrigerators, air conditioners, and other connected devices to ‘manipulate the power demand in the grid,’ which can then cause local power outages and large-scale blackouts. In fact, according to the Princeton study, a MadIoT attack, or manipulation of demand via IoT, can allow a hacker to take control of 90,000 air conditioners or 18,000 electric water heaters, allowing them to shut down all generators in a specific area. That could become a reality as IoT appliances become more popular. Data from Gartner estimates that by 2021 homes around the world will have more than 15 billion connected devices, an increase from the 4.8 billion out there today. In addition, 40 percent of smart home appliances globally are currently being used for botnet attacks, and that number is expected to rise to more than 75 percent by 2021. ‘It’s the equivalent of a cyber army of controlled devices attacking some of the core services that form the internet.’” Read more.

Facility Doxxing Can Help Physical Attacks

Tech Spot: “Wikileaks dumps Amazon data center locations for all to see.” 12 Oct 2018, by Greg Synek, @TechSpot. “Locations of Amazon’s hidden data centers have been put on full display by Wikileaks. Being the only cloud provider authorized to store classified government data, Amazon has been very careful of not disclosing where or how exactly it runs its operations. As the largest provider of cloud services, Amazon currently operates around 34 percent of the world’s cloud infrastructure. Oddly enough though, you will not see too many data centers with Amazon branding on them. Playing host to both classified and unclassified government data, Amazon discloses as little as possible about where their hardware is and how it all integrates. Until now, only a small number of data centers have been confirmed to have ties to Amazon Web Services. Wikileaks has decided to publish the addresses and select operating details for over one hundred data centers. A documented entitled Amazon Atlas dates back to 2015 showing locations that span fifteen cities across nine countries.” Read more.

We’ll continue to monitor and share more on blended and complex threats, incidents and development in the future.


Our team includes security updates in our free daily paper, the Gate 15 SUN. We encourage readers to consider the evolving blended threat environment and to take that into consideration as you plan and conduct preparedness, security and operations. Read some of our previous posts on blended threats in the links below.

Understand the ThreatsAssess the Risks. Take Action.

What are blended threats? A blended threat is a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.

Maintain security and threat awareness via Gate 15’s free daily paper, the Gate 15 SUN and learn more about Hostile Events Preparedness and our HEPS Program here. Gate 15 provides intelligence and threat information to inform routine situational awareness, preparedness planning, and to penetrate the decision-making cycle to help inform time-sensitive decisions effecting operations, security, and resourcesWe provide clients with routine cyber and physical security products tailored to the individual client’s interests.  Such products include relevant analysis, assessments, and mitigation strategies on a variety of topics. 

Related Posts