Cyber defense experts are becoming scarce

Dusseldorf, Berlin The consequences of hacker attacks can be dramatic – from reputational damage to the loss of business secrets to production downtime. What makes the situation worse at the moment: it is difficult to get competent help.

IT service providers and consulting firms that conduct forensic examinations of virtual break-ins and restore systems are running out of capacity. “We’re at the breaking point at the moment, almost everyone feels the same way,” reports Wilhelm Dolle, a partner at KPMG and head of the “Cyber Security” department.

The Federal Office for Information Security (BSI) warns of a “fundamental shortage” of personnel for incident response, i.e. the handling of IT security incidents. Organizations that lack their own resources for this depend on external service providers – “but they are at times completely busy and then cannot accept any new incidents”.

Improvement is not in sight. On the contrary: the risks are growing because, according to experts, the criminal scene is becoming more and more professional and state actors, Russia in particular, could possibly also become more active. Staffing, however, is likely to remain tight for the time being.


The BSI writes in the annual report that the already tense situation is getting worse. In addition to cybercrime, Russia’s attack on Ukraine has been a factor since the beginning of the year – Russian activists are trying to block the websites of Western companies and institutions. “The threat in cyberspace is higher than ever,” warns the authority.

Ransomware is the biggest cyber risk

The greatest risk comes from ransomware. The perpetrators – mostly professional groups – penetrate the networks and encrypt important data. To release the data, they demand a ransom, to be paid in digital currencies such as Bitcoin or Monero.

They also often smuggle out confidential files and threaten to publish them – an additional means of leverage.

The processing of such cases is time-consuming, as the example of Continental shows. Blackmailers associated with the Lockbit 3.0 organization were able to penetrate the car supplier’s network.

Although they apparently did not succeed in encrypting systems, they were able to download large amounts of data, a total of 40 terabytes. The group has put a directory online that lists the storage paths of 55 million files.

Continental has obtained support from the consulting firm KPMG. The external forensic experts first sort the leaked files according to priority. In a second step, 300 employees from the automotive supplier have to check each individual file. Content relating to business partners or employees is particularly critical. That should take “several weeks”. KPMG is not commenting on the case.


In short: there is a constantly high level of attacks that can cause enormous damage – and thus also generate a great deal of work.

In addition: “Many companies take ransomware attacks as an opportunity to fundamentally rebuild their IT so that it is better protected,” says KPMG partner Dolle. “That typically takes several months.”

Criminal division of labor

A professionalization can be observed in the criminal scene. Large groups employ programmers to further develop the software and provide the infrastructure for encryption and ransom payments.

Other actors, on the other hand, specialize in finding security gaps or breaking into systems. “The ecosystem continues to diversify,” says Lorenz Kuhlee, Director at PwC Germany.

Hackers rent their software and attack automatically

In addition, more and more criminals are able to enter the business. Individual components such as the software or the access credentials for compromised accounts are offered on the darknet “as a service”, i.e. for rent. And there is malware that is almost as easy to use as a spreadsheet. “The entry level for attacks is getting lower and lower,” says Kuhlee.

The result: Modern ransomware allows the people behind it to “attack companies with largely automated methods, steal data and encrypt it almost completely,” says Richard Wagner, consultant at Japanese software provider Trend Micro. This enables multi-layered blackmail “and thus significantly higher yields than before”.

It’s another incentive for criminal organizations to get into the business.

Fear of state hackers

After Russia’s attack on Ukraine, the BSI warned of dangers for “high-value targets” such as critical infrastructure, including in Germany. So far the storm has not materialized: a large proportion of Russian cyber activities have been concentrated in Ukraine, says Jens Monrad from IT security specialist Mandiant.

In Europe, campaigns to obtain information were primarily observed. However, it is conceivable that in 2023 Russia will increasingly use its disruptive capabilities against European organizations, including energy suppliers, military suppliers or companies in general that support sanctions against Russia.

This fear is shared in German security circles. “This is a massive wave of hackers rolling across Ukraine,” it is said there. This will also be directed against the West; the only question is when. Added to this is the threat from other countries: according to expert opinion, industrial espionage from China, for example, continues unabated.


Therefore, it is unlikely that companies will find it any easier to find external service providers in the foreseeable future. Given the lack of experienced staff, victims may not be able to find the help they need, warns Peter Mackenzie, who heads up incident response at Sophos. “That’s why it’s so important to plan ahead and be prepared for potential incidents.”

The BSI has been training personnel for cyber defense for several years, and the office has published a list of service providers online. Federal authorities and operators of critical infrastructures also receive direct support.
