Cyber Security Writing

What is a cyber attack?

A cyber attack is a malicious and intentional attempt to compromise the security of an information system. The attacker usually expects to derive some benefit from disrupting the victim's network: for example, they may want to steal sensitive data, deliberately shut down business processes, or permanently damage the victim's reputation.


01

A definition of cyber attack

A cyber attack is a targeted attack on one or more information technology systems; it is planned and executed by a person (hacker) or an organization whose goal is to harm the respective "victim" in whichever way possible. The attack itself takes place in cyberspace, even if its effects can be physical. Cyber attacks mainly employ malware such as Trojans, viruses, worms, or spyware. These malicious programs are now so sophisticated that conventional defenses and tracing methods are often of limited use, so it is frequently impossible to draw firm conclusions about the identity and background of the attacker. In principle, any computer connected to a network can become the victim of an attack. To help prevent such attacks, the German Federal Office for Information Security (BSI) runs an informational website with advice on how private individuals and companies can best protect themselves. Some cyber threats also have deeper, sometimes political motives; some attackers seek to steal, destroy, or take over systems and data in the name of "hacktivism" to benefit a cause.

Current studies show that cybercrime is on the rise year after year. Attackers repeatedly attempt to profit from particularly vulnerable corporate systems and exploit their potential weaknesses. Often, they also aim for a ransom.

02

Why is IT security so important?

To contain the growth of cybercrime, IT security must be taken very seriously, otherwise the consequences can be incalculable, and this is especially true for companies. Blackmail, theft of personal or company data, and failures of IT services and processes can have monumental economic consequences. In fact, it seems as if not a day goes by without reports of hacks, data leaks, or IT security breaches at large companies and organizations. Hacked financial databases at a pharmaceutical company resulting in insider trading, IT security leaks at a bank that actually gave a researcher free access to $25 billion: the list goes on and on and gets longer every day.

It seems to be getting easier and easier for hackers to break in at several locations simultaneously, disrupt business processes, and cause massive damage. Most of the time, they seek financial gain. This alone can be devastating for companies and their customers, but intangible losses also play a major role: image, reputation, and trust in the company are equally impacted, which in very extreme cases may even result in bankruptcy.

A functioning IT security concept that is kept as up to date as possible is therefore indispensable and can even be required by law: in 2015, the IT Security Act (IT-Sicherheitsgesetz) was enacted in Germany as a result of the Cyber Security Strategy adopted by the Federal Ministry of the Interior in 2011. It primarily requires operators of critical infrastructure to ensure appropriate security of their computer systems and data. Industry-specific security standards can be developed to make it easier for companies to choose and establish suitable security concepts; however, these standards must be reviewed and recognized by the BSI before they count as fulfilling the legal requirements.

A side note: the owners of commercial websites must also comply with the requirements of the IT Security Act and implement its specifications and measures to the best of their knowledge and belief. These measures include, for example, the prompt and regular installation of updates and patches; cybercrime never sleeps, so neither should patching. The operators of purely private websites are not affected by the measures stipulated under the IT Security Act (this exemption does not, however, apply to websites, blogs, or the like that generate advertising revenue).


03

What damage can cyber attacks inflict?

The consequences of a cyber attack are often as wide-ranging as they are disastrous: from stolen identities, in some cases immense financial losses, and damage to image and reputation that can take years to "rebuild", to the complete blackout of critical (IT) infrastructure and the considerable fallout of industrial and political espionage.

Another consequence that should not be ignored is claims for damages – such as, for example, from customers of a company that has been the victim of a cyber attack. These can quickly run into the millions when a hack occurs. And this does not even include damage to a company’s image. To protect themselves against these (and other) consequences of a hacker attack, 51% of risk managers at US companies already rely on cyber insurance according to a survey conducted by “The Risk Management Society”; in Germany, the number is also rising.

04

What types of cyber attacks are there?

In the past few years, cybercriminals have truly perfected their methods and are constantly finding ever more perfidious ways to perpetrate attacks on their victims’ IT systems.

Among the most notorious and commonly employed methods are the following:

Malware:

Most of us who have not been hiding under a rock have heard about cyber attacks employing malicious software. "Malware" is the umbrella term for any program written to harm or misuse a system; the best-known families are viruses (which attach themselves to other files), worms (which spread on their own across a network), and Trojans (which masquerade as legitimate software). Spyware, ransomware, and the bots that make up botnets are further variants.

Ransomware:

During a ransomware attack, an attacker gains access to the computer network and then encrypts all the valuable data they can find on it. The victim will only be able to access the encrypted data again with the matching decryption key, which the attackers offer to hand over in return for a ransom payment, often a very high one. Even paying offers no guarantee that a working key is delivered, which is why tested, offline backups remain the most reliable defense.

Spam and phishing emails:

When scammers send emails designed to obtain sensitive information and data from the recipient, this is called phishing. The emails usually appear to come from reputable companies or even official institutions and service providers (police, insurance companies, banks, etc.). The potential victim is often told that their account is at risk and is instructed to click on a link and enter sensitive information to "verify" the account; the link leads to a site controlled by the attacker, not to the organization it imitates.
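The pattern just described (an urgent message and a link whose real target is not the brand it claims to be) can be checked mechanically. The following Python script is an added example written for this page, not code from Myra Security; the brand allow-list, the urgency phrases, and the two sample emails are constructed for illustration.

```python
"""Phishing indicator check over constructed sample emails (added example).

Extracts every link from an HTML mail body and compares the host the
reader sees with the host the link really points to, looks for the usual
"your account is at risk" wording, and flags links that carry a known
brand name but lead to a foreign host.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allow-list: brands we expect mail from and the domains
# they legitimately use.
KNOWN_BRANDS = {
    "examplebank": {"examplebank.com"},
}

URGENCY_PHRASES = (
    "account has been suspended",
    "verify your account",
    "within 24 hours",
    "unusual activity",
)


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(url):
    """Return the lowercase hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def phishing_indicators(sender, body_html):
    """Return a list of indicator strings; an empty list means nothing suspicious."""
    indicators = []
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    lowered = body_html.lower()

    for phrase in URGENCY_PHRASES:
        if phrase in lowered:
            indicators.append(f"urgency phrase: '{phrase}'")

    parser = LinkExtractor()
    parser.feed(body_html)
    for text, href in parser.links:
        target = host_of(href)
        # Link text that looks like a URL but resolves somewhere else.
        text_host = host_of(text) if "://" in text else ""
        if text_host and text_host != target:
            indicators.append(f"link text '{text_host}' hides target '{target}'")
        # A credential page served over plain http is a warning sign in itself.
        if urlparse(href).scheme == "http":
            indicators.append(f"unencrypted link: {href}")
        # Brand name in the link or sender, but the target is not one of its domains.
        for brand, domains in KNOWN_BRANDS.items():
            if brand in text.lower() or brand in sender_domain:
                if target and not any(target == d or target.endswith("." + d) for d in domains):
                    indicators.append(f"'{brand}' link points to foreign host '{target}'")
    return indicators


# Constructed sample messages: one legitimate, one phishing.
SAMPLE_LEGIT = (
    "service@examplebank.com",
    '<p>Your statement is ready.</p>'
    '<a href="https://examplebank.com/statements">View statement</a>',
)
SAMPLE_PHISH = (
    "security@examplebank-alerts.net",
    '<p>Unusual activity was detected. Verify your account within 24 hours '
    'or it will be locked.</p>'
    '<a href="http://examplebank.com.login-verify.xyz/confirm">'
    'https://examplebank.com/secure</a>',
)


def analyze_samples():
    """Run both samples and return their indicator lists keyed by label."""
    return {
        "legit": phishing_indicators(*SAMPLE_LEGIT),
        "phish": phishing_indicators(*SAMPLE_PHISH),
    }


if __name__ == "__main__":
    for label, found in analyze_samples().items():
        print(label, "->", found or "no indicators")
```

Heuristics like these catch the crude cases; they do not replace sender authentication (SPF, DKIM, DMARC) on the receiving mail server or user training, since a careful attacker can avoid every textual tell above.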

Botnets:

A botnet is a collection of networked computers or IoT devices on which a bot has been installed by means of malicious software. Attackers take advantage of the computing power, network connections, and data of the devices they remotely control to carry out further attacks, such as sending spam or launching DDoS attacks.

DDoS attacks:

Instead of breaking into a computer network to obtain valuable data, attackers can also attempt to overwhelm the network or a service with a DDoS (distributed denial-of-service) attack. They do this by flooding it with a large number of requests, typically from a botnet. Performance degrades sharply or the service becomes unavailable altogether, which cripples every process that depends on it. The image of the affected company is directly tarnished as a result.

Backdoors in software and hardware:

Not all computer networks are as secure as they may seem. It sometimes happens, for example, that programmers leave backdoors in their code, such as hardcoded credentials or debugging interfaces that were never removed, that allow attackers to gain complete access to a system. Cybercriminals are constantly searching for these types of backdoors, and they know exactly how best to exploit them.

Advanced Persistent Threats (APTs):

An "Advanced Persistent Threat" (APT) is a cyber attack in which an attacker gains access to a network and tries to remain undetected for as long as possible. The primary intent of an APT attack is to steal data over an extended period without leaving other traces or causing other damage that would draw attention.

Social engineering:

Most cyber attackers seek to gain access to a user account and then extend its privileges. Social engineering techniques are a preferred way in: the target person hands over their account details and password voluntarily, without knowing who they are really giving this data to.


05

Which trends dominate the current threat landscape?

According to the BSI, the risks and threats posed by cyber attacks are increasing rapidly, but at the same time dependence on IT and IoT is growing day by day, both for companies and private individuals. The potential for damage is constantly growing, and there are hardly any absolutely secure and all-encompassing protection concepts and measures, or they require a great deal of effort, maintenance and, of course, financial resources to implement.

The greatest risk is currently being faced by operators of critical infrastructure, but the risk of becoming the victim of a hacker attack is also very high for economic institutions, government agencies, science and research institutions, and medical facilities. This is where the most sensitive data is “stored,” and this is why the BSI regularly provides up-to-date situation reports on the cyber security situation, which can be accessed as needed.

A brief excerpt from the current situation report: “Attackers continue to be highly active in (further) developing malware and finding new ways to attack. The BSI has registered around 114 million new variants of malware, observed DDoS attacks tying up to 300 Gbit/s of bandwidth, and registered over 110,000 bot infections every day, mostly on mobile and Internet of Things (IoT) devices”.

06

What were the largest cyber attacks in history?

The Stuxnet worm can be considered the starting point for any public discussion about the security of industrial control systems. The malware, first discovered in June 2010, revealed for the first time the enormous potential of cyber attacks on industrial facilities. This was followed by other instances of digital sabotage against similar industrial plants, causing massive financial damage. These likely included the attack on the blast furnace of a German steel plant in 2014, which began with seemingly banal spear-phishing emails.

Other very well-known cyber attacks have included:

WannaCry:

This attack is arguably the largest ransomware outbreak to date: in May 2017, more than 200,000 computers in around 150 countries were infiltrated and encrypted. WannaCry spread on its own by exploiting a vulnerability in the Windows SMBv1 file-sharing protocol using EternalBlue, an exploit developed by the NSA and published by the Shadow Brokers group in April 2017. Microsoft had already patched the flaw (MS17-010) in March 2017, so the victims were systems that had not been updated. Those hit included a number of large companies, government agencies, institutions, and even hospitals; each infected machine displayed a demand for a few hundred dollars in Bitcoin. Experts suspect that the North Korean Lazarus group was behind the attack.

Yahoo Data Breach:

One cyber attack will probably go down as the "best kept secret" and the biggest data breach in the history of the internet: in two separate incidents in 2013 and 2014, the data (names, email addresses, phone numbers, hashed passwords, security questions and answers) of well over a billion Yahoo users was stolen. The incidents only became public in 2016, and in 2017 Yahoo acknowledged that the 2013 breach had affected all of its roughly three billion accounts. The damage was estimated at $350 million, the amount by which the price of Yahoo's sale to Verizon was reduced. Analysts suspect that a state-sponsored group was behind at least the 2014 breach.

Mirai/Dyn:

In the fall of 2016, attackers succeeded in disrupting the servers of DNS service provider Dyn with a DDoS attack. As a consequence, the US provider's customers were unreachable for hours, including major websites such as Twitter, CNN, the Guardian, and Netflix. The attack was carried out via a powerful botnet that the attackers had built out of vulnerable IoT devices such as IP cameras, printers, smart TVs, and the like using the Mirai malware, which takes over devices by logging in with factory-default usernames and passwords. This combination of networked devices was able to bring even Dyn's generously dimensioned server systems to their knees by bombarding them with a huge number of requests. The SpainSquad, Anonymous, and New World Hackers groups subsequently claimed responsibility in public.

German Bundestag (parliament):

In May 2015, a cyber attack on the German parliament became public. Trojans delivered via a spoofed email purporting to come from the UN gave the attackers access to the internal Parlakom network, which they went on to compromise almost completely; the network later had to be rebuilt. More than 16 gigabytes of sensitive data were exfiltrated. The hacker group APT28, which is affiliated with the Russian military intelligence agency GRU, is suspected of having carried out the attack.

NotPetya/ExPetr:

This cyber attack occurred in June 2017. Disguised as a "new wave" of the Petya ransomware, it quickly turned out to be a state-sponsored supply-chain attack: the update server of M.E.Doc, a Ukrainian tax-preparation program, was taken over and a backdoored update was pushed to its customers. Since this software is used by the large majority of companies in Ukraine, the result was chaos across the country, and the malware soon spread to German companies and global corporations with branch offices in Ukraine. Although it displayed a ransom note, NotPetya was effectively a wiper: the encrypted data could not be recovered even on payment. Damage was estimated at least $10 billion.

07

How can companies protect themselves from cyber attacks?

As far as protective measures for companies are concerned, we should distinguish between preventive, detective, repressive (containing), and corrective measures. But what exactly do these categories mean?

Ideally, attempted digital break-ins are prevented outright (preventive measures) or detected by central monitoring and alerting before too much damage is done (detective measures). Furthermore, the consequences of a breach that does occur should be contained (repressive measures) or, in the best case, reversed, for example by restoring from backups (corrective measures). Preventive measures can already be taken during software development, by the way, which significantly raises the level of security before an attack ever happens.

Many security concepts employ the idea of "layers" (defense in depth). The aim is to extend IT protection to every level of a company and to ensure that all affected employees, devices, and systems are covered and kept up to date. Awareness on the part of individuals is essential: everyone must know the possible risks of a cyber attack, what to do in a worst-case scenario, and which options the IT security concept provides.

To accomplish this, encrypting high-risk data, limiting end users' access to data to what their role requires, and classifying data into visibility levels (for example public, confidential, and top-secret) are frequently crucial.
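The access-limiting and classification measures above, combined with a detective control, as an added example in Python written for this page rather than taken from Myra Security: a user may read a record only if their clearance is at least the record's classification, every decision is written to an audit trail, and repeated denials mark a user as worth investigating. The level names follow the text; the users, records, and threshold are constructed for illustration.

```python
"""Classification-based access control with an audit trail (added example).

Preventive control: deny by default, permit only when the user's clearance
is at least the record's classification (no "read-up").
Detective control: log every decision and flag users who collect
several denials, which is what probing for data beyond one's role looks like.
"""
from collections import Counter
from dataclasses import dataclass, field

# Visibility levels named on the page, ordered from least to most sensitive.
LEVELS = {"public": 0, "confidential": 1, "top-secret": 2}


@dataclass(frozen=True)
class User:
    name: str
    clearance: str  # one of LEVELS


@dataclass(frozen=True)
class Record:
    record_id: str
    classification: str  # one of LEVELS
    content: str


class AccessDenied(PermissionError):
    pass


@dataclass
class DataStore:
    records: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # (user, record_id, decision)
    denials: Counter = field(default_factory=Counter)

    def add(self, record):
        if record.classification not in LEVELS:
            raise ValueError(f"unknown classification {record.classification!r}")
        self.records[record.record_id] = record

    def read(self, user, record_id):
        """Return the record content, or raise AccessDenied and log the attempt."""
        record = self.records.get(record_id)
        if record is None:
            # Same answer as for a forbidden record, so callers cannot probe
            # for the existence of ids they are not allowed to see.
            self._deny(user, record_id)
        # Unknown clearance strings map to -1, i.e. below "public".
        if LEVELS.get(user.clearance, -1) >= LEVELS[record.classification]:
            self.audit.append((user.name, record_id, "permit"))
            return record.content
        self._deny(user, record_id)

    def _deny(self, user, record_id):
        self.audit.append((user.name, record_id, "deny"))
        self.denials[user.name] += 1
        raise AccessDenied(f"{user.name} may not read {record_id}")

    def suspicious_users(self, threshold=3):
        """Detective measure: users with at least `threshold` denied reads."""
        return sorted(u for u, n in self.denials.items() if n >= threshold)


def demo():
    """Run a constructed scenario and return what the audit trail shows."""
    store = DataStore()
    store.add(Record("press-release", "public", "Q3 results published"))
    store.add(Record("customer-list", "confidential", "names and contract values"))
    store.add(Record("merger-plan", "top-secret", "acquire target by Q4"))

    intern = User("intern", "public")
    analyst = User("analyst", "confidential")
    board = User("board", "top-secret")

    # Each user reads something at exactly their own level.
    permits = [
        store.read(intern, "press-release"),
        store.read(analyst, "customer-list"),
        store.read(board, "merger-plan"),
    ]
    # The intern probes for data above their clearance (and a non-existent id);
    # every attempt is denied and logged.
    for record_id in ("customer-list", "merger-plan", "payroll"):
        try:
            store.read(intern, record_id)
        except AccessDenied:
            pass
    return {"permits": permits, "suspicious": store.suspicious_users(), "audit": store.audit}


if __name__ == "__main__":
    for entry in demo()["audit"]:
        print(*entry)
```

In a real deployment the audit list would be a write-once log shipped to a central system, and the denial threshold would feed an alert rather than a return value; the point of the example is that the permit decision and the evidence of misuse come from the same check.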


08

What you need to know about cyber attacks

One thing is certain: Cyber criminals can make tried and tested methods of attack even more effective and destructive by using increasingly unscrupulous measures, which they can constantly adapt in light of the technological landscape. Past as well as recent incidents that endanger the security of industrial and private infrastructure make it clear that prevention is vitally important. IT security must be taken seriously by companies.

On the positive side, however, protection technologies are changing and developing to counter the ever improving attack methods of hackers – forward-looking companies know how to take advantage of this development and view the integration potential of a comprehensive IT security concept as a top priority. Myra Security provides the appropriate opportunities for this: Our software solutions, which we have developed in-house, are perfectly designed for the fast pace of IT and IoT. With Myra DDoS protection, web applications, websites, DNS servers, and IT infrastructure are protected both comprehensively and fully automatically.