
Why are pro-Russian hackers attacking German municipalities? And how can authorities and municipalities protect themselves from such cyber attacks in the future? In the interview with mps' K1 magazine for the 2022 issue, ProSec founder Tim and his co-founder Immanuel talk about digitization and cyber security in the public sector.
Reports in the media about hacker attacks on public IT infrastructure seem to have increased since the beginning of the Ukraine war. However, Immanuel notes that such cyber attacks are nothing new and have not increased drastically in number. For example, the Tagesschau reported in 2021 that more than 100 authorities and public institutions in Germany were compromised by ransomware with serious consequences.
As examples of such blackmail attacks using ransomware, Tim cites the cases in Anhalt-Bitterfeld in 2021 and currently Schriesheim in the Rhein-Neckar district.
Only the motivation for these attacks is new, explains Tim: While malicious hackers usually aim to extort a ransom, the pro-Russian hackers want a "show of force", i.e. the "demonstration of their own strength". Tim summarizes this type of attack under the term "political hacking".
Because every war today is also a cyber war, hackers have already shown what they can do in this country.
The high number of authorities hacked in 2021 already suggests an assumption that Tim and Immanuel can confirm based on their professional experience: The public sector in Germany has some catching up to do when it comes to IT security.
These problems are mainly related to two aspects: On the one hand, the organization of municipalities is very complex, which allows attacks from many different sides, explains Tim. On the other hand, the topic of cyber security was often not considered consistently enough in the digitization of municipalities. Immanuel found this out frequently when advising local authorities in this area.
If you invest money in digitization, you simply have to invest money in cyber security. One just doesn't work without the other.
Someone in the authority was not paying attention for a moment, opened an attachment to an e-mail and it happened.
Immanuel (co-founder and DEO ProSec)
Professional hackers like Tim and Immanuel imitate the behavior of malicious hackers in their penetration tests in an attempt to break into government and corporate networks. Therefore, they know exactly how hackers proceed in attacks such as those on Anhalt-Bitterfeld or Schriesheim: Often an unguarded network socket in a district administration or a bus of the transport company is enough to gain access to the network.
We try to get into a certain network on behalf of our customers. An unobserved moment and a network socket in the district administration are often enough for us.
Tim (Founder and CEO ProSec)
In most cases, however, hackers do not even have to bother to look for vulnerabilities on site. They simply use "the greatest weakness of every authority: the people," Immanuel knows from experience. A simple phishing e-mail, in which an unsuspecting recipient opens the attachment and thus allows malware to penetrate the network, is sufficient for this.
The aim of such hacking attacks is usually to exfiltrate data from the network in question and to encrypt the systems of the municipality or authority using crypto-Trojans. The attackers then demand a ransom for the decryption and non-publication of the data.
Tim also describes how criminal hackers operate in a SAT1 television report on the attack on the Rhine-Palatinate district in October 2022.
The massive effects of a cyber attack on an authority or municipality have become very clear in the most recent cases: In most cases, the corresponding pages are completely encrypted as a result, so that digital communication is no longer possible for weeks or months. The hackers' access to sensitive data and its dissemination on the dark web are also often among the consequences.
In the interview, Immanuel lists other possible effects:
Access to different registers is also possible. Can't imagine what to do with it. You could also hack buses, manipulate traffic control systems and possibly even entire public utilities.
Immanuel (co-founder and DEO ProSec)
The current cyber attacks make it clear that Germany has room for improvement when it comes to IT security. However, Tim makes it clear: “You can never reduce the risk to zero. And even if that were possible, it would be disproportionately expensive.”
That doesn't mean, however, that you should stick your head in the sand and just put up with hacking attacks. On a technical level, Tim recommends a pragmatic approach that consists of three dimensions:
The two experts consider raising awareness among all employees to be at least as important. Because if you are aware of all the dangers of phishing emails and you are reminded of them regularly, the risk of a successful attack in this way decreases.
When implementing these tips, most authorities and municipalities need external support from experts such as the penetration testers at ProSec. Tim and Immanuel also have some advice for choosing the right consultant: It is important to look for an independent and trustworthy partner who offers objective advice and does not want to sell a specific product. You should not be put off by the slightly higher prices in comparison, as quality and individually tailored solutions pay off in the long term.
In order to be able to make digitization secure in the long term, cyber security must be a top priority, emphasizes Immanuel at the end of the interview.
If you ask me, cybersecurity has to be a top priority and it has to stay that way. Because otherwise it can quickly run into the sand.
Immanuel (co-founder and DEO ProSec)