What is a cyber attack?

Due to the global networking of today's IT systems, it is hardly ever the case that they are used in isolation. IT systems communicate both locally and globally via networks such as mobile networks or the Internet.

The totality of these globally communicating IT systems is called cyber space.

An important part of cyberspace is the Internet and more and more IT communication relationships are being moved there. The constant and daily accumulation of enormous floods of data and information makes cyberspace a very attractive target for hackers.

In addition to the Internet (GAN), however, many other networking structures are also used, for example LAN, WAN, etc.

A wide variety of attacker groups primarily use cyber space as an attack vector to achieve their interests with a specific goal in mind.

Table of contents

These interests may be:

  • Blackmail with demand for money
  • Information Retrieval
  • Sabotage
  • Influencing or enforcing political interests

...and many other interests

"If you have something that can be valuable to a competitor,
you will be targeted and almost certainly compromised."

We primarily distinguish between the following three attacker groups:

  • Script Kiddie - The District League
  • Technical Attacker - The National League
  • Industrial Hacker - The Champions League
You want to protect yourself against cyber attacks?
Arrange a consultation appointment now!
Request advice

Common attack purposes include:

Espionage (attack on confidentiality)

Alice Bob Chuck sketch

Manipulation (attack on the integrity)

Alice Bob Chuck sketch

Sabotage (attack on the availability)

Alice Bob Chuck sketch

Typical cyberattacks:

Phishing is one of the most common and promising types of cyber attacks. Attackers try to access user data or compromise the company's IT environment via fake emails or websites.

Ransomware is malware, also known as crypto Trojans or extortion Trojans in the German public. This cyber attack uses cryptographic methods to encrypt a user's files and thus deny him access to them, sometimes even to the entire computer system and the connected network.
Depending on the target of the malicious code, the malware can delete and edit files in the system or disclose data about the user's behavior to third parties.

Cross-site scripting (XSS) are client-side cyber attacks on websites and what is connected to them.

For example, JavaScript code is inserted into form fields or ads on the web page, which is executed when the code is sent back to the server. SQL injections, which directly target the connected database, fall into a similar category.

In Stored XSS, the malicious JavaScript code stored in the database as part of the cyber attack is executed on every call.

Social engineering involves psychological manipulation using a wide variety of methods to gain the trust of a specific person so that he or she will disclose important data (e.g., login names and passwords). Occasionally, it also involves simply eavesdropping on a target person.

Due to the constant development in the IT world, new types of cyber attack methods and scenarios occur almost daily.
Further cyber attack scenarios, such as phishing, ransomware or malware, can be found in the wiki of our website.

Protection against cyber attacks

Unfortunately, there is no 100 percent protection against cyber attacks. Nevertheless, it is possible to clearly identify and mitigate the effect of such attacks by taking appropriate measures.

Is your IT secured against cyber attacks?
Get a penetration test done now!
More about the penetration test

Appropriate measures are:

  • A well-functioning IT infrastructure
  • Penetration testing
    to protect serious security vulnerabilities and the resulting attacks, by professional hackers.
    Closing IT vulnerabilities as quickly as possible.
  • Continuous Security Testing
    Continuously test and optimize the IT infrastructure & applications.
  • Security Awareness Trainings
    Prepare employees specifically for social engineering and sensitize them to IT attacks.
  • Monitoring = transparency of the entire IT infrastructure
  • Segmentation
    e. g. E.g. network separation "Accounting" from "Production
  • Qualitative patch management as well as configuration management
    e. g. e.g. all updates are up to date
  • Early detection of security gaps (through e.g. V-screening)

Table of contents

Do you want to be part of our team?