The BSI 2022 report on the state of IT security makes it clear that the threat of hacker attacks continues to rise. In this article in the Süddeutsche Zeitung (SZ), the IT security experts from ProSec compare the statistical evaluations with their practical experience and explain how the report can be more positive this year.
The article aptly summarizes the conclusion of the BSI Management Report 2022: "The threat in cyberspace has never been as great as in 2022." This is not least due to the activities of pro-Russian hacker groups in connection with the Ukraine war, which as called "hacktivism". These attacks affect both private companies and public sector institutions.
The article highlights two examples that illustrate the scope of successful cyber attacks: A German mineral oil company, for example, had to temporarily shut down critical processes because hacktivists attacked the American parent company. A successful hacking attack on the Ukrainian satellite communications resulted in a failure of the remote maintenance of German wind turbines.
Our founder Tim explains what the hacktivists are about in these cases:
While malicious hackers usually aim to pay ransom, the pro-Russian hackers want a "show of force", i.e. the demonstration of their own strength.
Despite these new developments, “ransomware is still the main problem,” the article in the SZ makes clear. Both the number of victims and reported ransom and hush-money payments have continued to increase.
This no longer only affects private companies or even particularly high-revenue companies (so-called "Big Game Hunting"). Attacks on municipal administrations are no longer uncommon. The article cites the ransomware attack on the Anhalt-Bitterfeld district as a particularly drastic example. As a result, the first digital disaster was declared in Germany, since, for example, it was not possible to pay social benefits over a long period of time.
In the SZ article, our two founders make it clear why hackers still have such a high success rate: First of all, digitization is creating more and more interfaces and attack vectors. Second, every company and every authority ultimately has people who are the weakest link in the defense chain when it comes to cyber security.
In most cases, however, hackers use “the greatest weakness of every authority, the people,” Immanuel Bär knows from his many years of experience.
In most cases, it doesn't take much for a successful hacking attack, as Tim and Immanuel know from experience: a classic phishing email with malware attached is often enough to gain access to a network. Data is then encrypted and exfiltrated from the networks, and the victims are blackmailed.
However, people are not only the greatest weakness of any IT, they are also the actual victims, as the example of Anhalt-Bitterfeld shows. Immanuel emphasizes that this is exactly what motivates the ProSec team:
Attacks on IT ultimately always affect people. This is one of the most important motivations for us to support authorities on this topic.
Cyber resilience can only be built up in a company or authority in a targeted and efficient manner if an "anamnesis" of the current situation is first taken. This is exactly the goal of our penetration tests.
In the article in the SZ, our experts use an example to illustrate how important it is to include the human factor and physical security in such a security assessment: During the penetration test for the municipal utilities of a location, our pentesters found documents in the information gathering phase a freely accessible paper container. This allowed them to find out the name of an IT service provider for the public utility company and pretend to be the latter in a phishing call. In this way, they obtained further confidential information, which an intern we smuggled in was able to make use of it on site afterwards. The intern placed a network sniffer with an LTE connection - with the inscription "IT, please leave it" and thus compromised an operational technology network.
In this and all other penetration tests we carry out, we act like malicious hackers, but without actually causing any damage. On the contrary: We support our customers in eliminating the security gaps so that other hackers can no longer exploit them.
Over 1.000 companies are facing infected WordPress websites whose security is threatened by JavaScript backdoors. The attack method uses four different backdoors for maximum damage. Companies must therefore implement proactive security strategies.
Hackers use misconfigurations in AWS for targeted phishing attacks. Companies are thus unknowingly opening their IT infrastructure to attacks. Traditional security measures often fail to defend against this threat.
Security researchers discover a security hole in Apple's "Find My" network that enables industrial espionage. Using the "nRootTag" method, attackers can secretly turn devices into tracking devices. Companies around the world are alarmed and are looking for protective measures.
