- Offenders learn faster than victims
- Evolution of threats at a high level
- Naivety: root of all evil
"It's Safer Internet Day again. Again we tell each other how nice it would be if everyone helped to make the digital world safer. And maybe this good intention will be forgotten just one day later. And next year we will do it again? No, it can't go on like this", is how Telekom's Head of Security Thomas Tschersich sums up the past twelve months.
And the look ahead is indeed marked by déjà vu. These three developments could already be identified as key trends in 2019:
- The number of DDoS attacks is not decreasing, but rather increasing
- Trojans are becoming more and more sophisticated
- Next generation of social engineering is on the advance
This will continue to apply without restriction in 2020, says Tschersich. Is the situation unchanged? Unfortunately not. There are even serious changes to be observed, but unfortunately on the wrong side: "The evolution of these three trends is frightening. What is new in each case is the constantly growing degree of professionalism and effectiveness on the part of the criminal actors. Unfortunately, at the same time there is a constant level of naivety among the potential victims. This is what makes the situation worse every year, if not quickly changed," says Tschersich.
The criminals are becoming more professional
The evolution of the Trojan attacks is easy for anyone to follow, especially anyone who has not emptied their email inbox in the past three years. The earliest messages are poorly translated letters and emails with lots of spelling mistakes. This way of sending spam mails with malware was easy to see through, so the texts became better and better. In the meantime, communication professionals seem to have lent a hand: the approach is good. The design of these mails has also been optimized. In the past, if logos were used, the colours and use of the trademarks did not match the imitated originals. Today, at first glance, the harmful spam emails can no longer be distinguished from the correspondence of well-known brands. Current attacks from the so-called Emotet ecosystem even occur in two phases. First, the victim's email traffic is spied on. Then the victim receives messages that look as if a correspondence that has already begun is being continued. Believing that they can trust the alleged sender, the victim opens an attached document, and thus willingly opens the door to the Trojan.
Deceptively real communication
Criminals today are similarly efficient in their use of social engineering. Technological advances have helped to perfect the system. It is no longer written messages made to look as if they were sent by the boss. Often it is no longer a person of flesh and blood on the phone, trying to speak in a disguised voice. Instead, a computer program speaks, and it imitates arbitrary voices deceptively well. This CEO scam is currently working especially well in English-speaking countries. But it is only a matter of time before these systems can speak German that sounds perfect. The next step could be video calls, with equally well manipulated images. But that is still a thing of the future.
Damage potential at a knock-down price
The evolution of DDoS attacks, i.e. the targeted overloading of networks or, for example, platforms for online trading, is different. On the illegal market, you get more and more service for less money. Attacks on large data centres are thus becoming increasingly affordable. The impact that can already be bought on the darknet today for a two-digit euro amount is immense. The targets are companies whose business model depends on the availability of technical systems. These are increasingly being blackmailed with the threat of an impending DDoS attack, and yet they protect themselves against this risk far too seldom.
The "other side" is therefore constantly evolving. And society? "Many people seem to think that they can't escape the role of victim anyway. But this is not true. Those who consciously protect themselves and keep their systems and devices up to date already achieve a lot. Convenience and laziness are punished faster and faster. Ignorance and vanity, however, should no longer be allowed", advises Thomas Tschersich.