“We strongly believe that ransomware attacks will not decrease in the near future,” BSI specialist Dirk Haeger told Germany’s Die Zeit newspaper. Criminals have found new ways of extorting money from their victims by encrypting companies’ sensitive data and demanding ransom for it, he said, hinting that these attacks will be increasingly prevalent in the near future.
Arne Schoenbohm, the head of the German Federal Office for Information Security, compared the practices to the protection rackets used by the mafia of old – in which the rule was, “if you don’t pay me, I’ll devastate your business,” he said, adding that it will be similar in the digital world, though it will not be about physical property, but data.
The Covid-19 pandemic will likely make the situation worse, the BSI warns, explaining that the lockdowns forced many companies to allow employees to work from home, reducing their corporate security to the level of the employees’ home computers, which is not always up to industry standards.
“We recently conducted a survey of small and medium-sized companies that let their staff work from home. Around a quarter of the companies surveyed [said that] they had to deal with ‘serious’ cyber-attacks or even [attacks] threatening their very existence,” Schoenbohm said.
The cybersecurity specialists also said that pretty much anyone can become the target, since the criminals do not pick their victims in advance. They simply look for cybersecurity holes they can exploit, without caring too much about the nature of the organization they are targeting.
The criminals want to make money. They don’t care where it comes from.
However, the BSI believes that massive attacks on critical infrastructure like the one on the US Colonial Pipeline that led to a gasoline crisis on the East Coast are unlikely to become frequent, not least because it is not beneficial for the criminals.
“The perpetrators try to stay under the radar of the security authorities,” Schoenbohm said. “If… you attack critical infrastructure… it is only a matter of time before the investigative authorities take action.”
The cybersecurity authorities will hardly be able to deal with the issue any time soon, the BSI officials said. “It’s like the Hydra – cut off one head and others emerge.” Schoenbohm also criticized the fact that many companies are too slow in fixing cybersecurity gaps.
“The vulnerability in the Microsoft Exchange Server initially affected 65,000 servers in Germany; two weeks ago it was still around 4,000 [that did not fix the issue]. It is very risky! These companies are completely unprotected,” he said.
At least we don’t have to worry about a cyberattack causing a nuclear apocalypse if it targets a nuclear power plant, the BSI specialists believe. The plants’ control systems were developed in the 1980s and are not as vulnerable to modern hacking attempts, simply because they are too old for that.
“They are hardly digitized. Hacking a nuclear power plant, no, that’s not the danger,” Haeger said.
Chemical plants, on the other hand, are a different matter, since an attack could disrupt the work of the pumps, he noted, adding, however, that “they are pretty well secured.”
Schoenbohm said that hospitals face a much more acute threat. The BSI head said that medical facilities in various German states were attacked in 2016, 2019, and 2020. The BSI is currently working on “industry-specific” security standards along with the German Hospital Association, though it will take time to implement it in practice, he noted.
In September 2020, once such ransomware attack on Germany’s University Hospital of Duesseldorf resulted in the death of a patient as doctors tried to transfer her to another facility after the computers in the facility were disabled by hackers.
One of the latest high-profile attacks on medical facilities targeted Ireland’s Health Service and forced it to temporarily shut down all of its IT systems earlier in May. As a result, one of Europe’s busiest maternity hospitals was badly affected and had to cancel most appointments.
Think your friends would be interested? Share this story!
© 2021, paradox. All rights reserved.