Cybersecurity

Cybersecurity: “Virus scanners are easily tricked”

The number of IT attacks is continuously increasing. A survey by Bitkom shows that cyber attacks affect almost 9 out of 10 companies. What can be done about it? ERGO Innovation Manager and cyber expert Maximilian Lipa answers this in our interview.

ERGO Innovation Manager und Cyber-Experte Maximilian Lipa

Max, you have been dealing with cybersecurity issues for a long time – how did it come?

Cybersecurity has always been my passion – I'm currently a member of the Bitkom e. V. security unit. But I was already interested in it as a child, for example how you can manipulate the saved scores of computer games.

Attacks are becoming more professional

What development do you see in cyber attacks?

In fact, we are seeing immense increases in hacking activities worldwide. Ransomware attacks in particular have become a billion-dollar market. The number of successful ransomware attacks in 2021 alone almost doubled compared to the previous year.

Hackers encrypt entire systems and decrypt access only after paying a ransom. This has long since become a profitable business model. This can be seen in the fact that hackers sometimes raise sums in excess of USD 2 million for knowledge of security vulnerabilities.

The hackers are also constantly adapting their strategy. In the past, the data on the attacked systems was only encrypted. Now, in addition to encrypting the data, they download it and threaten to make it public if the company refuses to pay the ransom.

The business not only seems to be profitable, but is also becoming more and more professional and sophisticated. For example, hackers can buy ready-made malware on the Darknet with a kind of guarantee of effectiveness. This means that the malware adapts quite quickly to past updates. Once you have been hacked, there is even a kind of “customer service” with instructional support, for example to pay the ransom with cryptocurrencies.

How do ransomware attacks affect private persons and companies?

When the computers of private persons are hacked, pictures are also encrypted. If you don't make regular backups, you will lose your personal documents – unless you pay. This also applies to companies. Here, there is the threat of huge losses due to possible production downtimes or inaccessible important data. There is a high risk especially for companies that operate a large number of networked devices, for example in an IoT environment; but also for institutions in the healthcare sector, where certified devices (for example an MRI) are usually never equipped with new updates and are therefore particularly vulnerable.

Important: Constantly invest in IT security

How must insurers prepare for these increasing risks?

An ideal solution would be to carry out a continuous risk assessment. The insurer would thus gain regular insight into existing IT security precautions of policyholders. With the dynamic development of cyber attacks, the company must also constantly invest in IT security. This would be a good approach to reduce the risk and create a mitigating effect. It is clear that this would require a lot of know-how on the part of the insurers and in the companies. There are various start-ups here that have dedicated themselves to this challenge.

Are anti-virus programmes the solution?

No. This may seem amazing, but because malware is becoming more agile and clever, virus scanners are slow and easily tricked. Moreover, anti-virus programmes can serve as a gateway for the virus. This is because the installed programme has system rights in order to be able to check every file. At that moment, however, the virus is already in the system. 

Install updates immediately, use good passwords

What else can be done?

Many things are known, but still very effective. These include two-factor authentication, immediate update installation after a new release, or not only closing a browser but actively logging out of applications to prevent so-called cookie hijacking.

Many websites that have a registration or login save the successful login to the website in a so-called session cookie. This makes it possible to remain logged in after hours or days. The trick now is to steal this cookie from the victim's system and then install it in the attacker's browser. If the attacker then calls up the website with the stolen session cookie, he is logged in with the victim's account and can go wild there.

The most recent victim of such an attack was the German YouTuber Julien Bam. The hackers took over Julien's YouTube account and deleted all his videos, including his Google AdSense account (Google's advertising system for monetising YouTube videos). 

Of course, it also helps to change and use long passwords frequently - a password manager can help here. Many viruses also enter the system by clicking on advertising banners. You should also pay special attention to Office files that are sent to you, especially Excel files with macros. These should not be activated, even if they come from known senders.

With e-mails, you should always check the links in the mail. There are also free websites that check whether an e-mail link is malicious, for example https://easydmarc.com/tools/phishing-url.

Thank you very much for this interview!

Hier geht es zur deutschen Version dieses Textes: Cybersecurity: „Viren-Scanner werden leicht ausgetrickst“