Killware - What it is, how it causes real-world harm, and how to prevent it

Killware

What it is

Killware is a cyberattack designed to cause real-world harm. Instead of only stealing data or money, attackers aim to disrupt systems people rely on - power, water, hospitals, transport - so failures can lead to injuries or loss of life.

Why it matters

Modern infrastructure is deeply connected. A successful digital hit on operational tech can shut down care, delay responders, or taint supplies, turning a keyboard attack into a physical emergency.

How it works - quick tour

  • Ransomware or wipers cripple critical systems to force downtime

  • Attackers reach OT/ICS through flat networks or weak remote access

  • Supply chain compromises push malicious updates into trusted systems

  • Data tampering alters sensor readings or alarms so operators act on false information

What to watch for

  • Simultaneous outages across dependent systems

  • Sudden loss of visibility into sensors or alarms

  • Unexplained configuration changes on PLCs, HMIs, or gateways
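The three indicators above can be turned into simple automated checks. The following is an added example, not code from the original glossary page: it runs over constructed telemetry (sensor heartbeats, configuration hashes, and outage events with a dependency map) and flags silent sensors, configuration changes with no matching change approval, and dependent systems failing together. All asset names, hashes, timestamps and thresholds are assumptions made up for illustration.

```python
"""Added example (not from the original page): turning the 'what to watch for'
indicators into checks over constructed OT telemetry."""
from datetime import datetime, timedelta

# Constructed evaluation time and thresholds (assumptions for the example)
NOW = datetime(2024, 5, 1, 12, 0, 10)
MAX_SILENCE = timedelta(minutes=5)   # a sensor quiet longer than this is 'lost'
OUTAGE_WINDOW = timedelta(minutes=5) # dependent failures inside this window correlate

# Constructed heartbeat log: sensor id -> timestamp of its last reading
LAST_SEEN = {
    "tank1/level":  datetime(2024, 5, 1, 12, 0, 0),
    "tank1/press":  datetime(2024, 5, 1, 12, 0, 5),
    "pump2/flow":   datetime(2024, 5, 1, 11, 40, 0),  # silent for 20 minutes
    "chlorine/ppm": datetime(2024, 5, 1, 11, 41, 0),  # silent for 19 minutes
}

# Constructed config baseline vs. current state: asset -> hash of its logic/project file
BASELINE = {"plc-01": "sha256:aaaa", "plc-02": "sha256:bbbb",
            "hmi-01": "sha256:cccc", "gw-01": "sha256:dddd"}
CURRENT = {"plc-01": "sha256:aaaa", "plc-02": "sha256:ffff",
           "hmi-01": "sha256:cccc", "gw-01": "sha256:eeee"}
# Constructed change-management approvals: asset -> hash that was approved
APPROVED = {"gw-01": "sha256:eeee"}

# Constructed outage events and dependency map (system -> systems it depends on)
OUTAGES = [
    (datetime(2024, 5, 1, 12, 1, 0), "scada-server"),
    (datetime(2024, 5, 1, 12, 1, 30), "historian"),
    (datetime(2024, 5, 1, 12, 2, 0), "hmi-01"),
    (datetime(2024, 5, 1, 15, 0, 0), "print-server"),  # unrelated, hours later
]
DEPENDS_ON = {"historian": {"scada-server"}, "hmi-01": {"scada-server"}}


def silent_sensors(last_seen, now, max_silence):
    """Sensors that have not reported within max_silence: loss of visibility."""
    return sorted(s for s, t in last_seen.items() if now - t > max_silence)


def unexplained_config_changes(baseline, current, approved):
    """Assets whose config hash changed with no approval for the new hash."""
    return sorted(asset for asset, h in current.items()
                  if h != baseline.get(asset) and approved.get(asset) != h)


def correlated_outages(outages, depends_on, window):
    """Groups of dependent systems that failed within `window` of each other."""
    events = sorted(outages)
    clusters, seen = [], set()
    for i, (t0, root) in enumerate(events):
        if root in seen:
            continue
        group = {root}
        for t1, system in events[i + 1:]:
            if t1 - t0 > window:
                break
            related = (root in depends_on.get(system, set())
                       or system in depends_on.get(root, set()))
            if related:
                group.add(system)
        if len(group) > 1:
            clusters.append(sorted(group))
            seen |= group
    return clusters


def assess():
    """Run all three checks against the constructed telemetry."""
    return {
        "silent_sensors": silent_sensors(LAST_SEEN, NOW, MAX_SILENCE),
        "unexplained_config_changes": unexplained_config_changes(BASELINE, CURRENT, APPROVED),
        "correlated_outages": correlated_outages(OUTAGES, DEPENDS_ON, OUTAGE_WINDOW),
    }


if __name__ == "__main__":
    for name, finding in assess().items():
        print(f"{name}: {finding}")
```

Each function is independent so it can be fed from a real historian, asset inventory or ticketing export; the point is that any one finding is noise, but all three together within a short window is the pattern the page describes.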

If you suspect it - first moves

  1. Protect people first - fail safe to manual procedures.

  2. Isolate affected networks and switch to known-good backups.

  3. Engage incident response and regulators - preserve logs and images.

  4. Segment and verify before bringing systems back online.

Prevent it

  • Separate IT and OT networks with strict segmentation and one-way gateways where possible

  • Enforce MFA, least privilege, and monitored remote access

  • Patch internet-facing assets fast and harden vendor connections

  • Continuously monitor OT with anomaly detection and tested runbooks

  • Run regular drills that include safety, clinicians, and operators
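The first prevention point, strict IT/OT segmentation, can be checked mechanically against a zone policy. The following is an added example, not from the original page: a small linter that compares a firewall rule set against an allowed-flow matrix between IT, DMZ and OT zones, showing a flat-network rule set beside a hardened one. Zone names, ports and rules are constructed assumptions.

```python
"""Added example (not from the original page): linting firewall rules against
an IT/DMZ/OT zone policy. Zones, ports and rules are constructed assumptions."""

# Allowed flows: (source zone, destination zone) -> permitted destination ports.
# Any pair not listed (for example IT -> OT directly) is blocked by policy.
ZONE_POLICY = {
    ("it", "dmz"): {443},        # IT users reach the jump host / historian replica only
    ("dmz", "ot"): {502, 3389},  # only the jump host talks to OT, on known ports
    ("ot", "dmz"): {443},        # OT pushes data out; nothing initiates back in
}

# Constructed 'flat network' rule set: corporate hosts reach OT directly
WEAK_RULES = [
    {"src": "it", "dst": "ot", "port": 3389},   # direct remote desktop into OT
    {"src": "it", "dst": "ot", "port": "any"},  # any/any between zones
    {"src": "dmz", "dst": "ot", "port": 502},
]

# Constructed hardened rule set: every cross-zone flow goes through the DMZ
HARDENED_RULES = [
    {"src": "it", "dst": "dmz", "port": 443},
    {"src": "dmz", "dst": "ot", "port": 502},
    {"src": "ot", "dst": "dmz", "port": 443},
]


def violations(rules, policy=ZONE_POLICY):
    """Return the rules that permit a cross-zone flow the policy does not allow.

    Same-zone traffic is out of scope; 'any' port is always a violation because
    the policy only ever allows an explicit port set.
    """
    bad = []
    for rule in rules:
        if rule["src"] == rule["dst"]:
            continue
        allowed = policy.get((rule["src"], rule["dst"]))
        if allowed is None or rule["port"] == "any" or rule["port"] not in allowed:
            bad.append(rule)
    return bad


def is_segmented(rules, policy=ZONE_POLICY):
    """True when no rule crosses a zone boundary the policy forbids."""
    return not violations(rules, policy)


if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(f"{label}: segmented={is_segmented(rules)} violations={violations(rules)}")
```

Running it flags both direct IT-to-OT rules in the weak set and passes the hardened set, which is the property a segmentation review is trying to prove before trusting the other controls on the list.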
