What are the most profitable criminal companies

Cyber ​​crime: the five most dangerous new hacking strategies

2019 was a record year for the German economy in many ways - also in a discipline in which nobody attaches importance to a top position. The IT association Bitkom announced shortly before the end of the year that the damage caused by criminal attacks on companies totaled almost 103 billion euros.

The amount of damage caused by sabotage, data theft or espionage in Germany is almost twice as high as two years earlier. As gloomy as it was in 2019, there is so little reason to hope that 2020 will be better.

On the contrary, cybersecurity experts from industry, research and security authorities are unanimously warning against a further increase in online attacks. And above all, as a look at the IT security forecasts at the beginning of the year shows, they are expecting increasingly sophisticated attacks.

These are the five top threats that companies, IT security officers and private Internet users must have on their radar in the New Year:

A superficial look at the statistics of the Federal Criminal Police Office promises the all-clear for cybercrime. But appearances are deceptive. The companies affected are also to blame for this.

Phishing is becoming more sophisticated and personal
Phishing attacks, with which attackers steal passwords and usernames from e-commerce and bank customers, as well as access data for company computers or business databases, are among the cheapest and easiest methods used by online criminals to harm their victims. Today they are one of the most widely used and, because of their mass, most profitable forms of cyber attack.

However, the skepticism of many people on the Internet about messages of unknown origin and dubious content is growing - and thus the likelihood of the phishers going online. In response to this, the attacks become more sophisticated and personal. Instead of mainly shooting phishing messages into the net like with the shotgun, cyber criminals are increasingly copying the digital identities of their victims and attacking people with whom they are already in contact.

Because of the known sender, the recipients are more inclined to open virus-infected file attachments or to follow links to phishing sites on the Internet. Even more caution is advised in 2020 when opening supposedly trustworthy messages.

Attacks via detours, suppliers or customers are increasing

Instead of directly attacking corporations that take great effort to protect themselves, cyber criminals are increasingly attacking them in a roundabout way. They first try to penetrate the IT systems of smaller, less well-protected medium-sized companies. From their networks, they then set their sights on their actual goals - for example by sending alleged invoices as PDF documents that actually contain malicious programs.

Hackers attack medium-sized companies - also to get hold of large corporations. Many companies are poorly prepared for cyber attacks - because they have wrongly structured their networks.

The trick: Because the senders are known to the attacked corporations as suppliers or customers, the fake messages are also more credible than if they came from strangers. In addition, the recipients also know the supposed senders and are less skeptical about opening attachments or following links on the Internet - with the known consequences of phishing.

In the opinion of many experts, such attacks, called “supply chain attacks” in the industry, will also increase because human users on the PC are more easily deceived than firewalls and virus protection programs.

Damage from blackmail is getting bigger and bigger

The damage caused by attacks with extortion programs - so-called ransomware - is no longer limited to the ransom that companies or private individuals are supposed to pay in order to unlock the data encrypted by hackers. In addition, the costs that arise when IT systems are often idle for days or even weeks after ransomware attacks (either because they are encrypted or to protect them from encryption) skyrocket.

In the opinion of many experts, the costs of business failures (including delivery failures and similar consequential damage) will therefore soon significantly exceed the amounts of damage caused by ransom for many companies. In view of the fact that ransomware attacks are one of the fastest growing forms of cyber attacks, it is becoming more and more important for companies to protect themselves against blackmail attempts and to arm themselves effectively against IT-related business failures.

Mobile devices and the Internet of Things are increasingly under attack

Many business people have business-critical data worth hundreds of thousands of euros as well as highly sensitive passwords and contact details on their mobile phones - and to this day they do not protect them against malware and hacker attacks. Cyber ​​criminals are increasingly exploiting this negligence. The number of espionage apps, especially for Android phones, is growing every day, for example the hackers attack Apple users via fake websites.

What has long been a must in companies is now also becoming important for private households: Security routers for the networked home are supposed to keep hackers out - and private things inside.

In addition, the attackers are increasingly targeting digitized everyday technology in the Internet of Things - from intelligent loudspeakers and the front door at home that can be controlled via app to networked machines or tools in the factory to elevator control with remote maintenance options or ventilation control with a connection to the cloud in the office.

In addition to the firewall for PCs, one must also be set up for all other networked components of everyday digital life in the future.

Hackers are increasingly relying on artificial intelligence

Hardly any IT term had such a boom in the past year as that of artificial intelligence, or AI for short. Even if this was (also) a fad in many cases, the trend is undisputed. Unfortunately also in cyber crime.

In fact, the experts at IT security companies are encountering complex digital malware more and more frequently, which are programmed in such a sophisticated way that they can recognize protection programs, for example, and specifically camouflage themselves or adapt their working methods.

Other hackers use machine learning methods to track down and exploit weak points in the attacked IT systems. AI and machine learning are still rather rare phenomena in cyber crime and are mainly used in particularly complex and targeted attacks. But it only seems a matter of time before AI viruses also become common property on the Internet that is even available to digital petty criminals.

© Handelsblatt GmbH - All rights reserved. Acquire usage rights?