Written by Michelle Schreiber
"Is this sender valid? Can I click on this attachment?" If employees ask themselves these questions, worse could already be prevented.
In recent years, cybercrime has evolved rapidly - companies are often left behind. What are the attack vectors? How can companies protect themselves? What role does human engineering play?
Sensitive data flits through the Internet every day: Addresses, ID documents, internal company information. Much of this data is stored online on servers. Web developer and ethical hacker René Rehme has taken a close look at countless municipalities and universities and identified some worrying security gaps. Rehme, an IT security expert, has some tips for institutions as well as businesses to keep their data safe.
"Hackers have the ability, if they look long enough, to break into the system." IT security expert René Rehme
"There's a lot of room for improvement there," Rehme says regarding the security of university and municipal servers. In a largely automated process, the ethical hacker examined tens of thousands of websites. He was able to access directories, but also to access servers. In the case of major security breaches, it would even have been possible for him to delete and change data.
In this approach, Rehme examined the online application itself and exploited leaks - although this is not at all the usual approach of cybercriminals. They often make use of social engineering: the human vulnerability. For example, e-mails are sent with attachments. As soon as the recipient downloads this attachment, ransomware is executed in the background. If this remains undetected, it can infect the entire system.
In the worst case, the malicious code remains undetected and hackers can then embed themselves in the system for a longer period of time. "If I'm a hacker from Russia, for example, I'm interested in what this company is basically doing. Then I'll stay in the system until I'm noticed, because I want to tap into information for as long as possible," explains René Rehme.
Rehme, an IT security expert, focuses primarily on universities and municipalities. Cyber criminals, however, are more likely to target companies. "So especially for criminal hackers, companies are particularly interesting because they can be blackmailed accordingly." The cryptocurrency Bitcoin makes it almost impossible to trace the flow of money, which opens the door to hackers. The size of the company is not so crucial - the main thing is that they can pay a ransom.
René Rehme's first advice is: "It's best if companies don't respond to such requests for payment, because they're fuelling the whole system." The first step is then to close security gaps and rid servers of malicious code. So-called backdoors, through which hackers repeatedly get into the system, must be eliminated. And then it's a matter of protecting against the next attack.
Because there are different attack vectors, preventive measures have to start at different points. To minimize the human vulnerability, IT expert Rehme advises training employees. Not clicking on every attachment and general caution with external e-mails are simple measures that can make a big difference. But companies can also do a lot on the technical side: When setting up the infrastructure, make sure that areas are encapsulated so that attackers do not have access to others through an infected system. It doesn't have to be a sophisticated system: "Keep the systems up to date - that's the most important thing," advises Rehme.
According to Rehme, companies should always check servers for ransomware and perform an infrastructure scan. Which IP addresses are publicly accessible and which servers have perhaps been forgotten? Hackers exploit such carelessness to gain access to data and systems. It is not difficult to identify and close these security gaps.
Finally, an external service provider can also be commissioned to help identify points of attack at an early stage and initiate countermeasures.
