Cyber Security Writing

What is a cyber attack?

A cyber attack is a malicious and intentional attempt to compromise the security of an information system. The attacker often expects to derive some sort of benefit from disrupting the victim’s network – for example, he may want to steal sensitive data, purposefully shut down business processes or permanently damage the reputation of the victim.

Myra Services on this topic: Flexible protection against a wide range of threat scenarios with the Myra Hyperscale WAF
Person holds up a red card

01

A definition of cyber attack

A cyber attack is a targeted attack on one or more information technology systems; it is planned and executed by a person (hacker) or an organization that has made it its goal to harm the respective “victim” – in whichever way possible. The attack takes place exclusively in virtual cyberspace. Cyber attacks mainly employ malware or spyware, such as Trojans, viruses, or worms. These malicious programs are now so sophisticated and highly developed that conventional defense and tracing options are often limited or simply cannot deliver what they promise. It is therefore often not possible to draw conclusions about the identity and background of the attacker. Theoretically, any computer connected to a network can become a victim of a hacker attack. To prevent such an attack, the German Federal Office for Information Security (BSI) has set up an informational website that provides tips and advice on how private individuals and companies can best protect themselves. Some cyber threats also have deeper, sometimes political motives; some attackers seek to steal, destroy, or take over systems and data in the name of “hacktivism” to benefit a cause.

Current studies show that cybercrime is on the rise year after year. Attackers repeatedly attempt to profit from particularly vulnerable corporate systems and exploit their potential weaknesses. Often, they also aim for a ransom.

02

Why is IT security so important?

To prevent the proliferation of cybercrime, the topic of IT security must be taken very seriously or there may be incalculable consequences, and this is especially true for companies. Blackmail, theft of personal or company data, and failures of IT services and processes can sometimes have monumental economic consequences. In fact, it seems as if not a day goes by without reports of hacks, data leaks, or IT security breaches taking place within large companies and organizations. Hacked financial databases at a pharmaceutical company resulting in insider trading, IT security leaks at a bank that actually gave a researcher free access to $25 billion – the list goes on and on and gets longer every day.

It seems to be getting easier and easier for hackers to virtually break in at different locations simultaneously, disrupt business processes, and cause massive damage. Most of the time, they seek financial gain. This alone would be fatal for companies and their customers, but intangible losses also play a major role: image, reputation and trust in the company are equally impacted, which in very extreme cases may even result in bankruptcy.

A functioning IT security concept that is always updated (as best as possible) is therefore indispensable and can even be required by law: In 2015, the IT Security Act was enacted in Germany as a result of the Cyber Security Strategy that had been adopted by the Federal Ministry of the Interior in 2011. This primarily requires operators of at-risk IT infrastructure to ensure appropriate security (computer and data security). General IT standards were developed to make it easier for companies to choose and establish suitable security concepts for themselves; however, the BSI must verify and approve them in advance.

A side note: The owners of commercial websites must also comply with the requirements of the IT Security Act and implement the specifications and measures to the best of their knowledge and belief. These measures include, for example, the prompt and regular installation of updates or patches – the motto “A rolling stone gathers no moss” applies in this case, because cybercrime never sleeps, so you shouldn’t either. The operators of private websites are not affected by the measures stipulated under the IT Security Act (this exemption, however, does not apply to websites, blogs or the like that generate advertising revenue, for instance).

Code on a screen

03

What damage can cyber attacks inflict?

The consequences of a cyber attack are often as wide-ranging as they are disastrous: from stolen identities and certain cases of immense financial losses and damage to image and reputation – which can take years to “rebuild” – to the complete blackout of critical (IT) infrastructure and considerable fallout of industrial and political espionage.

Another consequence that should not be ignored is claims for damages – such as, for example, from customers of a company that has been the victim of a cyber attack. These can quickly run into the millions when a hack occurs. And this does not even include damage to a company’s image. To protect themselves against these (and other) consequences of a hacker attack, 51% of risk managers at US companies already rely on cyber insurance according to a survey conducted by “The Risk Management Society”; in Germany, the number is also rising.

04

What types of cyber attacks are there?

In the past few years, cybercriminals have truly perfected their methods and are constantly finding ever more perfidious ways to perpetrate attacks on their victims’ IT systems.

Among the most notorious and commonly employed methods are the following:

Malware:

Most of us who have not been hiding under a rock have heard about cases of cyber attacks employing malicious software. There are many different types of malware. The best-known examples include viruses, Trojans, and worms.

Ransomware:

During a ransomware attack, a hacker gains access to the computer network and then encrypts all the valuable data he can find on it. The victim will only be able to access the lost data again with an encryption key, which can often only be recovered in return for a horrendously high ransom payment.

Spam and phishing emails:

When emails are sent by menacing scammers seeking to obtain sensitive information and data from a recipient, this is called phishing. The emails usually appear to come from reputable companies or even official institutions and service providers (police, insurance companies, etc.). The potential victim is often told that their account is at risk, whereupon they are instructed to click on a link to provide sensitive information to verify their account.

Botnets:

A botnet is a combination of networked computers or IoT devices on which a bot has been installed by malicious software. Attackers take advantage of the computing power, network connection and data of the devices they remotely control to carry out further attacks.

DDoS attacks:

Instead of hacking into a computer network to obtain valuable data, attackers can also attempt to overwhelm and slow down the network with DDoS attacks. They are able to do this by overloading it with a large number of requests. This significantly slows down performance, limiting the functionality of network-dependent processes. The image of the affected company is directly tarnished as a result.

Backdoors in software and hardware:

Not all computer networks are as secure as they may seem. It can sometimes occur, for example, that programmers leave backdoors in their code that allow hackers to gain complete access to a network. In fact, cybercriminals are constantly searching for these types of backdoors, and they know exactly how best to exploit them.

Advanced Persistent Threats (APTs):

An “Advanced Persistent Threat” (APT) is a cyber attack in which an unauthorized person gains access to a network and tries to remain undetected for as long as possible. The primary intent of an APT attack is to steal data without leaving any other traces or causing any other damage.

Social engineering:

Most cyber attackers seek to gain access to a user account and then extend its privileges. Social engineering techniques are preferred, in which the target person voluntarily gives the attacker their account details and password, but without knowing exactly who they are giving this data to.

Code on a screen

05

Which trends dominate the current threat landscape?

According to the BSI, the risks and threats posed by cyber attacks are increasing rapidly, but at the same time dependence on IT and IoT is growing day by day, both for companies and private individuals. The potential for damage is constantly growing, and there are hardly any absolutely secure and all-encompassing protection concepts and measures, or they require a great deal of effort, maintenance and, of course, financial resources to implement.

The greatest risk is currently being faced by operators of critical infrastructure, but the risk of becoming the victim of a hacker attack is also very high for economic institutions, government agencies, science and research institutions, and medical facilities. This is where the most sensitive data is “stored,” and this is why the BSI regularly provides up-to-date situation reports on the cyber security situation, which can be accessed as needed.

A brief excerpt from the current situation report: “Attackers continue to be highly active in (further) developing malware and finding new ways to attack. The BSI has registered around 114 million new variants of malware, observed DDoS attacks tying up to 300 Gbit/s of bandwidth, and registered over 110,000 bot infections every day, mostly on mobile and Internet of Things (IoT) devices”.

06

What were the largest cyber attacks in history?

The Stuxnet worm can be considered a starting point for any discussion about the security of the IoT among the general public. The malware, which was first discovered in June 2010, revealed for the first time the enormous potential of cyber attacks, especially on industrial facilities. This was followed by other instances of digital sabotage attacks on similar industrial plants, causing massive financial damage. These likely included the attack on the blast furnace of a German steel plant in 2014, which began with seemingly banal phishing emails.

Other very well-known cyber attacks have included:

WannaCry:

This hacker attack is arguably the largest ransomware attack to date – over 130,000 computers were infiltrated and encrypted in spring 2017 due to a Windows security exploit (EternalBlue) that was previously used by the NSA. Those responsible targeted a number of large companies, government agencies, institutions and even hospitals; huge ransoms were demanded. Experts suspect that the North Korean Lazarus group was behind the attack.

Yahoo Data Breach:

One cyber attack will probably go down as the “best kept secret” and the biggest data breach in the history of the internet: In 2013 and 2014, the data (names, email addresses, phone numbers, security questions and answers) of over a billion Yahoo users was stolen. The incident only became public in 2016. The damage it caused was estimated to be $350 million. Analysts suspect that a possibly state-sponsored criminal gang was behind it.

Mirai/Dyn:

In the fall of 2016, attackers succeeded in disrupting the servers of DNS service provider Dyn by using a DDoS attack. As a consequence, the US provider’s customers were unavailable for hours, including major websites such as Twitter, CNN, the Guardian, and Netflix. The attack was carried out via a powerful botnet that the hackers had built out of vulnerable IoT devices such as IP cameras, printers, smart TVs, and the like using Mirai malware. This powerful combination of networked devices was even able to bring the generously the dimensioned server systems of Dyn to their knees by bombarding them with a huge number of requests. The SpainSquad, Anonymous, and New World Hackers hacker groups subsequently publicly admitted to being responsible.

German Bundestag (parliament):

In May 2015, a cyber attack that was carried out the previous year became public. It had taken down the entire network of the German parliament by employing Trojans and a spoofed email from the UN, which allowed the attackers to gain access to the internal Parlakom network. More than 16 gigabytes of sensitive data were transferred to an external hard drive. The hacker group APT28, which is affiliated with the GRU Russian military intelligence agency, is suspected of having been involved.

NotPetya/ExPetr:

This cyber attack occurred in 2017. Disguised as the “new wave” of the Petya blackmail Trojan, it quickly turned out to be a state-sponsored hack in which an update server for M.E.Doc, a Ukrainian tax preparation program, was taken over and a malware update was installed. Since this software is used by every company in the country, total chaos was achieved and soon spread to German companies and global corporations with branch offices located in Ukraine. Damage was estimated to be at least $10 billion.

07

How can companies protect themselves from cyber attacks?

As far as protective measures for companies are concerned, we should distinguish between preventive, detective, repressive, and corrective measures. But what do we mean in particular by these categories?

Ideally, attempted digital break-ins are best prevented (using preventive solutions) or detected (using detective solutions) using central monitoring and signaling before too much damage is done. Furthermore, the consequences of a possible breach should be limited (using repressive solutions) or in the best case even reversed (using corrective solutions). Preventive measures can already be taken during software development, by the way, which can significantly increase the level of security ahead of an attack.

Many security concepts employ the idea of “layers”. This is an attempt to extend IT protection to every level of a company and to ensure that all affected employees, devices, and systems are up-to-date and utilized. Awareness on the part of individuals themselves is essential: everyone must be aware of the possible risks of a cyber attack and know what to do if it comes to a worst case scenario; it is also essential to be aware of the options provided by IT security concepts.

To accomplish this, encrypting high-risk data, limiting access to data by end users, and implementing security certificates (differentiating between public, confidential, and top-secret data = data visibility) are frequently crucial.

Cybersecurity Solutions by Myra

Code on a screen

08

What you need to know about cyber attacks

One thing is certain: Cyber criminals can make tried and tested methods of attack even more effective and destructive by using increasingly unscrupulous measures, which they can constantly adapt in light of the technological landscape. Past as well as recent incidents that endanger the security of industrial and private infrastructure make it clear that prevention is vitally important. IT security must be taken seriously by companies.

On the positive side, however, protection technologies are changing and developing to counter the ever improving attack methods of hackers – forward-looking companies know how to take advantage of this development and view the integration potential of a comprehensive IT security concept as a top priority. Myra Security provides the appropriate opportunities for this: Our software solutions, which we have developed in-house, are perfectly designed for the fast pace of IT and IoT. With Myra DDoS protection, web applications, websites, DNS servers, and IT infrastructure are protected both comprehensively and fully automatically.