
With tools from the 90s against current threats?

Despite more attacks, software vulnerabilities and regularly successful ransomware attacks, companies often still follow a security mindset from the 1990s. At the same time, BSI, BKA and experts unanimously warn against carelessness. Keeping IT security solutions and concepts up to date is a key aspect of defending against or containing cyberattacks that is too often neglected. Outsourcing and cloud-based services also offer more IT security for smaller companies.

Crime is migrating more and more into the digital space, and investigators can no longer keep up: while the number of cases is rising, the clearance rate is stagnating. In addition, outdated IT security solutions are often not sufficient to ward off current threats such as ransomware, and cybercriminals are becoming increasingly professional.

Experts warn: far too often, companies are still stuck in the cyber security of the 90s. But the demands on IT security are increasing.

The first to be affected was the Austrian Financial Market Authority (FMA). A security flaw in the data transfer tool MOVEit allowed attackers to steal data records with personal references by means of SQL injection. The FMA did not give further details, but the software is used not only in the financial sector but also in the health and insurance sectors. For example, the German public health insurer AOK had to stop a large part of its internet activities as a result, and insured persons needed a lot of patience.

Shortly afterwards, Deutsche Leasing, a subsidiary of the Sparkassen Group, was targeted. The security systems had detected anomalies in the network traffic, whereupon several systems were shut down as a precaution. According to a company spokesperson, new leasing contracts could only be concluded on paper for the time being. The systems that were shut down were still not back online after more than a week, and the employees' ability to work was limited.

The current attacks on financial institutions are no coincidence; they reveal the goals and tactics of the cyber gangsters. At the same time, they are an indication of the permanent professionalisation of the underground scene.

 

20,000 software vulnerabilities and 500 percent more attacks

The heads of security services and investigative authorities are showing concern: "We already have over 20,000 software vulnerabilities this year," explained deputy BSI president Gerhard Schabhüser during this year's Potsdam Conference on National Cyber Security of the Hasso Plattner Institute (HPI). This is also reflected in massively increased attacks. "European Air Traffic Control has recorded a 500 percent increase in attacks within one year," reports Major General Wolfgang Wien, Vice President of the German Federal Intelligence Service. The investigators cannot keep up with this development: "The clearance rate is below 30 percent," admits BKA President Holger Münch. So there is a large imbalance: the clearance rate is not really increasing, while the number of offences is. Münch has already identified one cause: "The police forces work too much side by side in the digital space". The attractiveness of digital crime thus remains high and it is not surprising that the BKA chief's summary is: "More and more crime is migrating into the digital space". Russian actors are leading the way, he explains, pointing to increasingly professional structures: "The actors act in networks with each other, sometimes without knowing each other". Cyber criminals rely on tried and tested types of attack: "The biggest threat continues to be ransomware," explains Schabhüser. Around 130 companies and German municipalities fell victim to this variant last year, he explains. Experience shows that the number of unreported cases is very high.

In view of the tense threat situation, the composure of many security managers when it comes to preparing for an emergency is astonishing. "About half of the companies have not taken any precautions if something happens", i.e. no emergency management or comparable measures have been taken for security incidents, says Christian Dörr, who heads the Enterprise Cybersecurity department at HPI. BKA head Münch also sees this deficit: "Crisis response plans are still a major challenge".

 

Tools of the 90s no longer up to date

But even where security measures have been taken, experts still see an urgent need for development: "Often people are stuck in the cyber security of the 90s", Dörr notes. Corporate firewalls and other classic technologies are no longer sufficient in the home office. The forms of protection must adapt to further developments and changes in the world of labour. Purely technological measures are not always effective: "People often think that IT problems can be solved with even more IT," Dörr warns.

Meanwhile, the security authorities are not remaining idle and are adapting to the changed situation, for example to fight ransomware gangs: "We are going after the infrastructure," Münch explains. The aim is to deprive the gangs of their operating base, as in the Emotet case. At the same time, the Federal Criminal Police Office BKA has developed a "cyber toolbox" that can be used by other investigative agencies. According to Münch, this also includes tools such as a "Telegram Cleaner", which can be used to have messages deleted. The BKA has also developed its own app. Münch says that one of the main goals of the measures is to network investigators and compare enquiries.

The situation can be particularly dangerous for small and medium-sized enterprises (SMEs). Schabhüser had one piece of advice for SMEs: "Don't do your IT yourself," he recommended. Smaller companies should rather use service providers or cloud services instead. "It costs something, but successful attacks cost much more," he warns and adds: "Cloud services have the potential to be very robust. We've seen that in Ukraine as well." (See the article “How Ukraine defies the new Cold War in cyberspace”) BKA chief Münch also sees a need for action among SMEs: "We have to take care of the small and the weak in particular".

Author: Uwe Sievers
