Disruptionware – A Cyber-Physical Threat to Operational Technology Environments

Created: Wednesday, September 25, 2019 - 16:38
Categories: Cybersecurity, General Security and Resilience, Security Preparedness

A new collaborative report from cybersecurity firm Forescout and the cybersecurity think tank Institute for Critical Infrastructure Technology (ICIT) explores what the authors call “disruptionware” – a category of cyber attack methods using unsophisticated, IT-based commodity malware that can be devastating to critical infrastructure firms. The most widespread form of disruptionware is ransomware. The report focuses on common components of a disruptionware toolkit, including ransomware, wipers, bricking capability, automated components, data exfiltration tools, and network reconnaissance tools. According to the report, most disruptionware is devastating to critical infrastructure firms because it has a high rate of successful compromise, requires little to no continued adversarial effort, consumes the target’s resources, disrupts daily operations, and may spread down the supply chain. The report’s recommendations for defending against disruptionware are in line with many of WaterISAC’s 15 Cybersecurity Fundamentals, including asset management, network monitoring, user access controls, security awareness, network segmentation, supply chain management, incident response, and participating in information sharing (our favorite). Read the summary at Forescout.