it-sa 365 | Knowledge: Companies pay specialists to be hacked

While half the world has sought shelter at home to wait out the lockdowns, one group has become more active than ever before: cybercriminals. Hackers with malicious intentions saw their window of opportunity. The migration of hundreds of millions of people to home offices has turned their computers into the new attack vector - a sudden gaping hole in the systems of hundreds of thousands of companies, through which valuable data can be spied on.

Manufacturers of security software reported a sharp increase in IT attacks in 2020. Spam, DDoS attacks, malware trojans - malicious hackers left nothing untried to infiltrate the computing systems of companies and governments. "Cyber criminals continue to develop their attacks and increase their attacks at an alarming rate," said Interpol Secretary General Jürgen Stock. "They are taking advantage of the fear and insecurity of the unstable social and economic situation created by COVID-19."


Accelerated digitization demands better cyber security

According to Interpol, not only consumers and employees of smaller companies have been targeted, but also corporations and government agencies, which have often struggled with the hastily required switch to home offices. Biotech companies that have taken up the hunt for the coronavirus are now also increasingly on the hit list of cyber criminals. The attackers want to obtain data on COVID-19 vaccines, possibly worth billions of euros.

Every third company is said to have become a victim of attacks. With the accelerated digitization of all industries - from the small store next door to the factory at the gates of the city - the demand for security solutions is growing rapidly. By the crisis year 2020 at the latest, cyber security has moved to the top of company bosses' to-do lists.

But IT security has become a complex matter that requires specialists in defense. Sophisticated strategies such as cloud hijacking, individualized malware or CEO fraud (fake e-mails that appear to come from the boss of the company but actually come from hackers) are hardly manageable for small and large companies alike. That is why there is a trend to outsource cyber security to well-equipped specialists.

Putting cyber defense in trustworthy hands

Kapsch BusinessCom recognized this trend years ago and established its Cyber Defense Center (CDC), which works with internationally certified top analysts at military level. Customers can outsource their cyber defense to the Kapsch CDC and at the same time ensure that their data does not leave their own network. With the help of network, endpoint and log analyses as well as threat intelligence (identification of trends in attacks), the company network is continuously monitored and thus protected against possible attacks.

But good defense is not everything - preventive measures are also more important than ever. According to the "Cybercrime Report" of the Austrian Federal Criminal Police Office, social engineering (in the narrower sense, outwitting employees in order to extract passwords, for example) is still the biggest gateway - ahead of web applications or IT infrastructure with security gaps.

To close these gaps, however, they must first be identified. There is a proven approach for this: "Red Teaming". Here, security specialists such as those from Kapsch BusinessCom are engaged to check the security of the commissioning company by means of attack simulations. In contrast to classic "penetration testing" or "white-hat hacking", in red teaming the auditors themselves identify potential attack paths and carry them out at times unknown to the company, to put its cyber-resilience to the test.

The good hackers

In the process, the Kapsch Red Team slips into the role of a fictitious attacker - naturally with the knowledge of the client - and uses a wide variety of methods to penetrate and compromise the company's IT. Only a small circle at the attacked company is let in on the exercise, so that the Red Team can test, as undisturbed as possible, where the security gaps are to be found. For example, they simulate how documents can be extracted from customer databases, how e-mail communication with the management can be intercepted or how financial transactions can be accessed.

The simulated attack by the Red Team can last for several months, depending on the agreement, and serves to uncover technical weaknesses as well as process and structural problems. The Red Team works closely with the CDC, which can detect, observe, analyze and document the ongoing attacks. This results in a final report, which makes it transparent where the attackers are located.