Due to the global networking of today’s IT systems, they are rarely used in isolation. IT systems communicate on both a local and global level via networks such as cellular networks or the Internet.
The entirety of these globally communicating IT systems is called cyberspace.
The Internet is an important part of cyberspace, and more and more IT communication relationships are being shifted to it. Due to the constant, daily accumulation of enormous floods of data and information, cyberspace is becoming a very attractive target for hackers.
In addition to the Internet (GAN), many other network structures are also used, for example LAN, WAN, etc.
A wide variety of attacker groups primarily use cyberspace as an attack vector to pursue their interests with a specific goal.
These interests can be:
- Blackmail with monetary claim
- Obtaining information
- Influence or assertion of political interests
… and many other interests
“If you have something that can be valuable to a competitor,
you are targeted and almost certainly compromised.”
We primarily differentiate between the following three groups of attackers:
- Script-Kiddie – The district league
- Technical Attacker – The Bundesliga
- Industrial Hacker – The Champions League
Common purposes of attack include:
(Attack on confidentiality)
(Attack on integrity)
(Attack on availability)
Typical cyber attacks:
Phishing is one of the most common and promising types of cyber attacks. Attackers attempt to gain access to user data or to compromise the company’s IT environment via fake emails or websites.
Ransomware is malware, also known colloquially in German as a crypto-Trojan or ransom Trojan. In this cyber attack, cryptographic processes are used to encrypt a user’s files and thus deny them access to those files, and sometimes also to the entire computer system and the connected network.
Depending on the target of the malicious code, the malware can delete and edit files in the system or pass on data about the user’s behavior to third parties.
Cross-site scripting (XSS) attacks are client-side cyber attacks on websites and what is connected to them.
In social engineering, various methods of psychological manipulation are used to gain the trust of a certain person so that they reveal important data (e.g. login names and passwords). Occasionally it is also simply a matter of eavesdropping on a target person.
Due to the constant further development in the IT world, new types of cyber attack methods and scenarios occur almost daily.
Other cyber attack scenarios, such as phishing, ransomware or malware, can be found in the wiki on our website.
Protection against cyber attacks
Unfortunately, there is no such thing as 100 percent protection against cyber attacks. Nevertheless, the effect of such attacks can be clearly identified and weakened by taking suitable measures.
Suitable measures are:
- A well-functioning IT infrastructure
- Penetration tests
Protect against serious security vulnerabilities and the resulting attacks through testing by professional hackers.
Close the vulnerabilities as soon as possible.
- Continuous Security Testing
Check and optimize the IT infrastructure & applications continuously.
- Security Awareness Training
Prepare employees specifically for social engineering and sensitize them to IT attacks.
- Monitoring = transparency of the entire IT infrastructure
For example, network separation of “accounting” from “production”
- Qualitative patch management and configuration management
For example, all updates are up to date
- Early detection of security gaps (e.g. through V-Screening)