CRITIS were targeted by cybercriminals in 2021, according to the BKA’s federal situation report “Cybercrime”. A guest article by Falk Herrmann, CEO of Rohde & Schwarz Cybersecurity.
In the majority of cases, such attacks are backed by ransomware attacks. The number of extortion attacks continued to increase in 2021, according to the BKA. At the same time, the annual damage caused by ransomware has increased rapidly in recent years: to around 24.3 billion euros in 2021 from 5.3 billion euros in 2019. The average damage per attack has increased by 21 percent.
On July 5, 2021, the Anhalt-Bitterfeld district administration fell victim to a serious cyberattack. Following the ransomware attack, the provision of public services was permanently restricted. The district declared a disaster situation. A first. Even months after the attack, regular operations were still not possible.
The cyberattack on the Anhalt-Bitterfeld district was a highly spectacular incident among many. According to the latest BKA situation report, critical infrastructures (CRITIS) and public authorities were particularly targeted by attackers last year. The reason for the increased attacks on KRITIS is that they are of immense importance to the state and depend on the smooth operation of their IT systems. As a result, a successful attack can lead to societal hardship and drastic effects on civilians, for example, when power and water supplies or public safety are acutely threatened. This makes them easy to blackmail
Why Ransomware is becoming more and more dangerous
- The malware is available in the online store
It is becoming increasingly easy for criminals to launch extortion attacks. This is because the malware needed for this can now be purchased by anyone from relevant sites on the Internet. Such “Ransomware-as-a-Service” offerings are further increasing the spread and professionalization of the attacks.
2 Phishing is becoming more and more professional
Personal data can already be acquired for small sums. Phishing e-mails can therefore be made more and more realistic. It becomes almost impossible for a company’s employees to detect criminal e-mails. This is extremely dangerous for companies: Because phishing was among the main entry vectors for malware in 2021 – including ransomware.
- Fake e-mails fuel the fear
Phishing emails about Covid-19 may have decreased in 2021. However, phishing messages still frequently refer to current social developments, according to the BKA. Above all, they try to exploit recipients’ insecurities or build up a fearful scenario. This is achieved, for example, by setting tight deadlines or threatening fines. The senders most frequently imitated for phishing in 2021 were Microsoft, DHL, Amazon, Google and WhatsApp.
- The success rate is increasing
The reliance on digital data has grown significantly in businesses and government agencies. Companies are therefore more willing to respond to extortionists’ demands. An important lever for digitalization was the home office – significantly more data is now stored on government corporate servers than was the case before the pandemic.
- Blackmail business is becoming more and more lucrative
Data has long since not only been encrypted in ransomware attacks, but also stolen from the systems. In this way, they can be resold. In addition, hackers can demand hush money if they threaten to make it public. Customers of the actual victims are also blackmailed into publishing their data if no payment is made.
- DDoS Exacerbates Extortion
In addition to data encryption and publication, more and more DDoS (Distributed Denial of Service) attacks are crippling victims’ websites. In 2021, the BKA has noted increased multi-vector attacks, so-called carpet bombing and a combination of DDoS and ransomware attacks. With such attacks, cybercriminals attempt to overload the target system with a large amount of data in such a way that it is unavailable or only available to users to a very limited extent.
- Cybercriminals reinvent themselves
Yesterday Darkside today Blackmatter, just now Grandcrab – then Revil: When the investigative pressure on a hacker group increases, it often dissolves – only to reinvent itself under a different name some time later. Often with new methods and even more dangerous than before.
- Emotet is back
Ransomware has also been on the rise recently because the Emotet Trojan, “the most dangerous software in the world,” has resurfaced. It serves as a gateway through which other malware can be reloaded, including ransomware. In fact, Emotet was crushed by an international action in January 2021, but it reappeared as early as November.
- Human Factor Vulnerability
Phishing targets the “human factor” vulnerability. Employees are becoming more adept at opening malicious attachments and going to websites with malicious code. Employee training is not a suitable means of warding off these attacks. Even an instruction not to open attachments is a completely inadequate protection against cyberattacks. After all, people make mistakes and such mistakes can have serious consequences.
- Common IT security tools are powerless
In view of this increasingly professional and skillful approach of the perpetrators, individual firewalls or virus protection programs are no longer sufficient.
What can companies, authorities and KRITIS do?
The browser is the number one gateway for ransomware and other malware. The best protection against such attacks from the Internet is a virtual browser. A virtual browser allows users to browse the Internet without hackers gaining access to corporate networks. The Browser in the Box from Rohde & Schwarz Cybersecurity, for example, closes the “Internet” security gap by enabling a “digital” quarantine for hacker attacks. At the computer level, complete isolation takes place so that malware is kept away from the rest of the user’s PC. In addition, at the network level, access to the Internet is separated from the intranet. Thus, the internal corporate network (intranet) is completely separated from the Internet. This mechanism also protects against attacks via e-mail attachments or during web conferences with microphone use and webcam support.
If a virtual browser is used, cybercriminals have no chance. In addition, further protective measures should be taken – for example, encryption of the terminals, a highly secure VPN connection and protection of the home WLAN. With such 360-degree protection, authorities and KRITIS make an attack more difficult.