Lothar Hänsler,
COO of RADAR Cyber Security
RADAR Chief Operations Officer Lothar Hänsler analyses the threat situation of the past 6 months. Operators of critical infrastructures are a particularly popular target for cyberattacks. However, taking precautions in cyber security pays off for all organizations.
Politically motivated attacks
Four months after the start of the Russian invasion of Ukraine, the threat level in terms of IT/OT security has increased further. The sophisticated cyberattacks are by no means limited to the parties of the conflict nor Ukraine only. They also hit neighboring states who support Ukraine, such as the European Union and its companies and institutions located there. The risk of cyberattacks against critical infrastructure companies is considered to be very high.
Vulnerable OT systems and production facilities
The area of OT security is moving more and more into the foreground. On the one hand, favored by numerous successful attacks, not least in connection with the Ukraine conflict. On the other hand, initiatives on the defense side may also have been a trigger, such as the U.S. Department of Energy’s strategy to modernize American energy security over the next five years, or the German Federal Office for Information Security’s (BSI) recommendation for measures with regard to Ukraine. In its annual report on the state of IT security in Germany, the BSI notes not only an increasing number of cyberattacks in 2021, but also a considerable increase in their quality. Such advanced attacks are, of course, always a major threat to any organization. Since they are comparatively ill-prepared for cyberattacks, this is all the worse. This applies to 48 percent of IT systems in Germany, according to a 2021 Cisco study. The situation is similar in Austria: Findings of PwC’s Global Digital Trust Insights 2022 show that around 73 percent of companies still plan to invest considerably more in cyber security in the next 12 months. This is a step that can only be welcomed.
Lucrative business model with little effort
Cyber attacks with data exfiltration and ransomware dominated the first half of the year. The attackers are less involved in political activism but rather with extorting large sums of money. This trend will not abate in the near future. The attacker scene has evolved into a sophisticated, work-sharing model in which different groups exchange data and tools. There are groups that are specialized in trading victims’ login credentials and collecting the ransom.
Exploiting framework vulnerabilities
The zero day vulnerability “Log4Shell” has been a serious concern in many organizations and forced many Chief Information Security Officers and IT leaders to revise their open source strategy. This vulnerability has existed since 2013 and still requires the attention of IT departments to the extent that the vulnerability keeps making the news in new manifestations. Due to the increased vigilance, the negative consequences of the subsequent vulnerability in the Java framework “Spring” (Spring4Shell) were less far-reaching. Fortunately, companies rethought their security measures and were able to react much faster by means of extended vulnerability management and continuous threat intelligence through specialists.
Again the current threat situation shows that it pays off to take precautions in cyber security: Serious vulnerabilities, that are also relatively easy to exploit, require those responsible to make decisions and react quickly, especially if the manufacturer is slow in fixing the vulnerability. The most recent example is the “Follina” vulnerability in the Microsoft environment.