- DDoS attacks imminent and on a scale never seen before
- Targeted strikes also on the rise
- Cyber security chief Tschersich: "This is only the very tip of the iceberg"
Barely a company is left in Germany that has not been hit by cyber strikes. 93 percent of large and medium-sized enterprises in Germany have already fallen victim to IT attacks aiming to gain confidential data or cause damage. And the situation for private Internet users is no less alarming: One in two has already been the victim of cyber crime, with
viruses, fraud, and identity theft the most common offenses. The situation is unlikely to improve any time soon, say the cyber security experts at Deutsche Telekom. They predict that cyber extortion will continue to spread in 2017.
"The crypto-trojans and DDoS attacks we have seen this year are not even the tip of the iceberg," says Thomas Tschersich, Head of Group Security Services at Deutsche Telekom. "We are only seeing the very tip of the tip – and what is to come will be colossal," he continues.
Tschersich and his employees expect major waves of attacks to take place in the not too distant future directed against consumers and companies alike and designed with extortion in mind. For private users, the experts anticipate a rise in attacks that quietly install crypto-trojans onto the user's computer. The ransomware then encrypts files on the hard drive of the compromised computer and all external hard drives attached to it – and there is no guarantee that the cyber-criminals will unscramble the files when the ransom is paid.
Digital extortion with zombie devices
The second target group, companies, will be subject to rising numbers of DDoS attacks in the coming year. DDoS attacks target a server and flood it with traffic, causing it to overload and malfunction. Attacks of this nature employ botnets – devices connected to the Internet – which are controlled remotely by the attackers. The result: A company, such as an online shop, is unable to continue providing services over the Internet unless it pays the ransom.
Future variations on DDoS attacks may focus on deactivating contentious and critical voices on the Net, or destabilizing critical infrastructure or even states, fear the Deutsche Telekom experts. They expect the volume and ferocity of DDoS attacks to increase in general: "The attack on Dyn this year showed just how strong the botnets of cyber-criminals already are. The attack on routers worldwide gives you an idea of how powerful they can become – this attack is guaranteed to have added thousands more remote-controlled routers for the "Mirai" botnet. We're talking about the kind of scale that can only be tackled in the backbone networks themselves," says Thomas Tschersich.
Targeted attacks for the advanced criminal
In addition to DDoS attacks, the experts at Deutsche Telekom foresee a growing number of strikes designed and executed with the utmost professionalism and with just one target. These kinds of attacks are called advanced persistent threats and are mostly directed at companies, organizations and states using previously unknown security vulnerabilities, known as zero day exploits. Tschersich: "Some attackers simultaneously target multiple security vulnerabilities which are not generally known. This shows the extremely high level of professionalism we're dealing with. And things will only continue to go in this direction."
Defense is being shifted into the infrastructure
Deutsche Telekom's experts have a two-pronged approach to combating the threats: Firstly, they systematically monitor network irregularities themselves and move defense mechanisms into the infrastructure. Secondly, they use tools to conduct behavioral analyses and scan system states. With this approach, attacks within a system can be identified rapidly on the basis of anomalies in the behavior or state of a system. Such analysis tools are increasingly being used by all types of customers – from consumers to corporations – and in all types of environments – from single smartphone to global corporate network. "The question has long since ceased to be about whether there will be attacks. Now, it is a matter of when," says Thomas Tschersich.
Companies and private users can defend themselves
Experts advise both companies and private individuals to be cautious. "If cyber criminals want to place malware, they can usually only do so with the active involvement of the victim. It is exactly this active involvement that we are looking to prevent," says Thomas Tschersich. This should be ensured on the one hand using appropriate software to detect malware, like an anti-virus product for private users. Companies can protect themselves with behavior-based solutions that run suspicious attachments in a closed environment, allowing them to recognize malware (sandboxing), for example, or discover anomalies in systems. "On the other hand, very simple prevention measures play an important role, for private users in particular. They sound trivial, but they are essential," explains Thomas Tschersich. The warning to 'Watch out for e-mails with suspicious content' will always be relevant."
About Deutsche Telekom: Deutsche Telekom at a glance