Cybercrime – Forms Of Attack And Protective Measures
The rapid growth of digital value creation poses ever greater challenges for companies and their customers. You read about new cyberattacks or cybercrime almost every week – according to a representative study by the digital association Bitkom, 53 percent of Indian companies have already been attacked from the Internet.
Here you will find common forms of attack and measures you can take to protect yourself against them.
At the end of the European Cyber Security Month, the Federal Office for Information Security (BSI) and the Police Crime Prevention program of the federal states and the federal government jointly published a checklist for emergencies.
This provides phishing victims with initial emergency measures and serves as a guide.
In the 2019 Digital Barometer, 28 percent of those affected by crime on the Internet said that they had been victims of phishing.
According to the findings of the BSI, phishing attacks focus not only on bank customers but also in particular on customers of online retailers or payment systems.
Since purchases and payments can be made with the tapped data, it is important to convey to those affected in a step-by-step and understandable manner what to do in such an emergency.
USB sticks in the company
The real case
In a company, an employee tasked with supervising trainees had files transferred to the workstation computer using the trainees’ private USB sticks.
As a result, the anti-virus software was triggered because malicious software had obviously been transferred from the trainees’ inadequately protected private computers to their USB sticks.
It was only luck and coincidence that the company did not suffer any major damage here.
Notes on the safe use of USB devices
- Separate personal and business USB drives. Do not use private USB sticks or private external USB hard drives on company computers.
- Use security software and keep it up to date. Use a firewall, anti-virus software, and anti-spyware.
- Under no circumstances should you connect a USB drive whose origin is unclear to you to a PC. There are known cases where visitors have intentionally “lost” a stick containing malware.
- Avoid the use of “USB-based” promotional gifts, such as coffee cup warmers, gooseneck fans, etc. There are also known cases in which malware was installed in the USB hardware.
- Use password-protected encryption on your USB drive to protect your data from unauthorized access.
Dealing with mobile devices abroad
When traveling abroad on business, travelers must always be vigilant, because foreign intelligence services could try to find out their company’s secrets.
In particular, the use of mobile means of communication and mobile information technology carries the risk that, through unintended
- listening in on mobile phone calls,
- reading of emails,
- reading out and changing of all stored data, and
- listening to conversations in the vicinity,
third parties gain knowledge of company-internal secrets and can thereby damage the respective company.
In addition to notebooks, PDAs, cell phones and smartphones, the term “mobile information technology” also includes storage media such as USB sticks, CDs and DVDs.
Restrictions and bans in the host country with regard to the handling of mobile IT (e.g. ban on cell phones, ban on photography) pose additional dangers.
Violations of these regulations can give foreign intelligence services an opening for further attacks on company secrets.
Ransomware and encryption trojans
One speaks of a ransomware attack when perpetrators gain access to company data via malware, encrypt it, and release it only in exchange for a ransom.
Paths of malware into the company
In order to gain access to a company’s IT infrastructure, cyber criminals use all typical distribution channels for cybercrimes and malware. The perpetrators often send numerous emails with attachments to company employees.
Sometimes there are phone calls beforehand in which the sending of a file is announced, in order to reduce suspicion toward the unknown sender in advance.
The attachments usually have innocuous filename extensions such as .zip, .doc or .pdf. The malware benefits here from the fact that Windows hides the file name extension for known file types by default.
A file with the name xxx.doc.exe is thus represented as xxx.doc. After deactivating this Windows functionality, you can see the actual file extensions, which often point to executable files (.exe, .com, .js, .bat, .vbs, …).
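The hidden-extension problem described above can also be checked before a mail reaches the recipient. The following is an added example, not part of the original article: it flags attachment names, and the member names inside .zip attachments, whose real extension is executable while the visible part looks like a document. The decoy list and the function names are assumptions chosen for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Executable extensions named in the article; extend for your environment.
EXECUTABLE = {".exe", ".com", ".js", ".bat", ".vbs"}
# Extensions a recipient reads as "just a document" (assumed decoy list).
DECOY = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg", ".zip"}


def explorer_view(name: str) -> str:
    """Simplified: the name shown when Windows hides a known extension."""
    stem, dot, _ = name.rpartition(".")
    return stem if dot and stem else name


def classify(name: str) -> str:
    """Return 'disguised', 'executable' or 'ok' for one file name."""
    # Windows ignores trailing dots and spaces, so strip them first.
    suffixes = [s.lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE:
        return "ok"
    # Real type is executable; a decoy extension before it means the
    # displayed name (e.g. xxx.doc) hides what a double-click will run.
    if len(suffixes) > 1 and suffixes[-2] in DECOY:
        return "disguised"
    return "executable"


def scan_attachment(name: str, data: bytes) -> list[tuple[str, str]]:
    """Classify an attachment and, for .zip archives, every member name."""
    names = [(name, name)]
    if name.lower().endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                names.append((f"{name}!{member}", member.rsplit("/", 1)[-1]))
    return [(label, classify(base)) for label, base in names
            if classify(base) != "ok"]


def sample_zip() -> bytes:
    """Constructed sample: a zip holding harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("application/cv.pdf.exe", b"placeholder")
        archive.writestr("application/cover_letter.txt", b"placeholder")
    return buf.getvalue()
```

Only names are inspected here, so a hit is a reason to quarantine and look closer, not a verdict on the file's content.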
For a while, these encryption Trojans were sent out as very real-looking letters of application. A large number of spam emails with a wide variety of subjects and contents are now known.
When the attachment is opened, the data on the computer and on accessible network drives is encrypted and can no longer be used until further notice. The aim of the perpetrators is to extort a ransom. They promise to send the decryption code once the ransom has been paid.
Often, however, the perpetrators do not encrypt the computer’s data right away, but first gradually gain access to other parts of the company’s IT infrastructure.
In known ransomware cases, for example, perpetrators often remained unnoticed in the network of the companies concerned for weeks and months before the data was encrypted and the ransom demand was made.
How you can protect yourself from such attacks
To protect against this attack, the LKA 54 advises:
- Even with apparently correct emails, when opening attachments or clicking links, pay attention to the actual file extension or, if necessary, deactivate the automatic hiding of the file name extension in Windows.
- Carry out regular data backups and check them for availability. Make sure that the malware cannot access the data backup (e.g. through a physical separation after the backup has been completed).
- If you notice an infestation, disconnect the affected computer from the network as soon as possible.
- Configure your Office programs in such a way that macros are not executed or only executed after you have been asked.
- Automate the detection of crypto Trojans through appropriate monitoring on your file servers.
- Try to provide all programs on your systems with updates in a timely manner.
- Update your virus scanner regularly and at short intervals.
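One way to approach the file-server monitoring recommended in the list above, shown as an added example that is not part of the original article: it raises an alert when a single account renames many documents to an unfamiliar extension within a short time. The log format, the extension inventory, the threshold values and all names are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Extensions expected on this share (assumption; build from your own inventory).
KNOWN = {".docx", ".xlsx", ".pdf", ".txt", ".jpg", ".pptx"}
WINDOW = timedelta(seconds=60)   # assumed tuning values
THRESHOLD = 5


def parse(line: str):
    """Parse 'ISO-time user RENAME old -> new' (constructed log format)."""
    stamp, user, action, rest = line.split(" ", 3)
    old, new = rest.split(" -> ")
    return datetime.fromisoformat(stamp), user, action, old, new


def detect_mass_rename(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {user: first alert time} for rename bursts to unknown extensions."""
    recent = defaultdict(deque)   # user -> timestamps of suspicious renames
    alerts = {}
    for line in lines:
        when, user, action, old, new = parse(line)
        old_ext = PureWindowsPath(old).suffix.lower()
        new_ext = PureWindowsPath(new).suffix.lower()
        # Suspicious: a known document type turned into an unknown type.
        if action != "RENAME" or old_ext not in KNOWN or new_ext in KNOWN:
            continue
        hits = recent[user]
        hits.append(when)
        while hits and when - hits[0] > window:
            hits.popleft()            # drop events older than the window
        if len(hits) >= threshold and user not in alerts:
            alerts[user] = when
    return alerts


def sample_log():
    """Constructed events: one account renames six files in six seconds."""
    share = "\\\\fs01\\hr\\"
    burst = [
        f"2020-11-02T09:14:0{i} svc-scan RENAME {share}file{i}.docx"
        f" -> {share}file{i}.docx.enc"
        for i in range(6)
    ]
    normal = [f"2020-11-02T09:20:00 alice RENAME {share}a.docx -> {share}b.docx",
              f"2020-11-02T10:40:00 alice RENAME {share}c.pdf -> {share}c.bak"]
    return burst + normal
```

Because intruders may be in the network long before encryption starts, an alert from a check like this should also trigger the isolation step from the list above for the affected account and machine.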
Attempted extortion through threatened DDoS attacks
Almost every company is present on the Internet today, and online shops in particular depend on a functioning Internet service. Criminal groups try again and again to blackmail companies with announced DDoS attacks.
In May 2016 this happened in the name of Robin Hood; later, the group Kadyrovtsy became known through the media.
Whether the threatened DDoS attacks are actually carried out depends on the respective criminal group and cannot be predicted in advance.