IT security needs alternatives

More and more cyber attacks:

with open source against hackers

The first cyber disaster was declared in Germany in July 2021. But that is only the culmination of a long chain of hacker attacks. The last few months have shown how serious the situation has become:

Hacker attacks are increasing in Germany and around the world. Cyber criminals use new methods to get past conventional security measures. However, one defense method suggested by experts is still used far too seldom: open source.

Cybercrime 2.0

Many people today are sensitized to the traditional methods of hackers. Not responding to strange emails or suspicious file attachments has sunk in for most people. That's why cyber criminals have come up with new approaches. These include so-called distributed denial-of-service (DDoS) attacks, in which countless requests overload the systems. This gives the hackers insight into the countermeasures, which they can then target next time. 2020 was already a record year with thousands of such attacks. In the first half of 2021, the number increased by a further third compared to the previous year.

Some hackers are only interested in disrupting a company's operations with such attacks. More often, though, they go after valuable data in order to blackmail the company. Once the data has been completely or partially encrypted, the companies concerned must either meet the demands or try, for example with the help of a security company, to regain access to their data.

Cyber criminals now gain access through various methods. These include, for example, setting up their own HTTPS pages. The transport encryption does ensure a secure transmission, so the unsuspecting victims enter their data without worrying. So-called social engineering attacks have also become more and more common since the start of the corona pandemic. The perpetrators take advantage of topics of great social relevance and send e-mails that allegedly provide information about corona measures.

The new normal

Unfortunately, we have to get used to the fact that hacker attacks are now part of our everyday lives. For a long time only the most explosive cases made it into the media, but the rise in attacks has made it almost a constant topic. We regularly hear about crippled systems and ransom demands.

An incomplete review:

The University Hospital Düsseldorf was hit in autumn 2020. Probably unintentionally, because according to the police, the perpetrators were actually targeting Heinrich Heine University. Nevertheless, a so-called loader was later found in the system of the university clinic, with which the malware was installed - in this case the DoppelPaymer malware. Because this program has often been used by Russian hackers, the North Rhine-Westphalian Ministry of Justice suspects a connection to Russia.

The following examples show how hard such a hacker attack can hit everyday life. In February 2021, for example, a drinking water system in Florida was the victim of a cyber attack. After gaining access to the plant's systems, the perpetrators increased the amount of sodium hydroxide (NaOH) to a dangerous level. Sodium hydroxide is used to remove metals from the water and to control its acidity. However, in excessive amounts, NaOH is harmful to health. Plant employees were able to identify and rectify the fault in good time.

The EDAG Group, which is active in the field of engineering services, was also lucky when hackers broke into the systems in the middle of the night in March 2021. Colleagues in the United States were still on duty and noticed the incident. Nevertheless, the IT network was impaired and was shut down for several days to protect customer data.

JBS, the world's largest meat company, faced a cyber attack in June 2021. Production in the USA and Canada was affected, and in Australia it was even completely paralyzed. Here, too, the investigators suspect a connection to Russian hackers. Those in charge of JBS gave in to the ransom demands and transferred around eleven million dollars in bitcoins to regain access to their systems.

The hacker group REvil, which launched an attack on the desktop management tool VSA from the US company Kaseya in July 2021, was also after bitcoins. Thousands of companies were affected and, according to REvil, more than a million computers. The Swedish supermarket chain Coop had to temporarily close almost all branches. The hackers asked for the equivalent of $70 million, but Kaseya saved itself by engaging a cybersecurity company.

And then finally there was the first cyber disaster in Germany. The administration of the Anhalt-Bitterfeld district no longer had access to their computers after an attack in July 2021. For the almost 160,000 inhabitants, this meant: no parental allowance or other social benefits, no processing of building applications, no car registrations and so on. The municipality declared a disaster in order to be able to quickly involve other institutions and to solve the problem without long official channels.

Between CRITIS and election campaign

It becomes dangerous when human lives are at stake as a result of cyber attacks. Probably for this very reason, hospitals have been targeted by hackers more and more often in recent years - most recently, in July 2021, the Wolfenbüttel hospital. Clinics are a popular target for hackers because a failure of IT or networked medical technology can be life-threatening - and that simply must not happen in a part of the critical infrastructure. One example is the Düsseldorf University Hospital, which had to turn away a patient in life-threatening condition because the systems were not working. The woman had to be transferred to another hospital, and treatment could not start until an hour later. Too late. The patient died. But patient data and patents are also popular prey for hackers. In such cases, the institutions concerned are often more inclined to give in to blackmail and to pay for the release of the systems.

How good it is when, in quotation marks, it is only about money. Smaller companies whose systems are affected can temporarily switch to tried and tested methods and, for example, do an inventory with pen and paper. In the long run, however, this is of course not a solution, and for global players it is not an alternative at all. The financial sector in particular often faces major problems when it comes to cybersecurity. These companies, which are usually networked across entire continents, still often rely on outdated software, and it takes a long time before security gaps can be closed.

Hackers have also made their way into world politics. This was already evident in the last US election campaigns, when the Russian hacker group Strontium published emails from Democrats. The German security authorities are also becoming increasingly nervous about the upcoming federal election in September. Stolen data could lead to targeted disinformation campaigns and influence the election. The secret services call such actions "Hack & Leak". China, Russia and other countries are investing a lot to gain influence on the political stage.

Capitulation or plan change?

One thing must be clear to us: there will never be absolute security against cyber attacks. New malware and defense measures ensure a constant "cat and mouse game" between perpetrators and security experts. Antivirus programs and firewalls are standard for government agencies, companies or private computers. But IT professionals have long recommended using open source software.

With such open programs, all users have access to the source code. Through the cooperation of many people and entire communities, weak points can be quickly identified and remedied. This is, of course, also helped by the support of the large companies that are behind such open source software. In contrast to closed systems, there is usually not much time between discovery and correction. That might also have helped those responsible at the Düsseldorf University Hospital. In a press release, the hospital wrote: "The security vulnerability was found in commercial add-on software that is customary on the market and distributed around the world. Until the software company finally closed this gap, there was a sufficient window of time to penetrate the systems."

With the appropriate technical knowledge, every user can change the source code. At first, that sounds like a perfect gateway for hackers. But the opposite is the case: with many developers and software manufacturers looking at the code, threats can be prevented. Because the code can be audited, independent experts can quickly identify and close such gateways. This is particularly effective in conjunction with management software. Possible IT disruptions are recorded, tracked and documented. That is why we have been relying on open source with our KIX program right from the start.

The European GAIA-X program now confirms that open source is the future. This joint project by Germany, France and other partners from Europe aims to ensure a high-performance and secure data infrastructure. In order to be future-proof when it comes to economic and security issues, the representatives involved recommend the increased use of standardized data, cloud technologies - and also open source.


Now is the time to act instead of react!

"There are opportunities to make life difficult for hackers. As with traditional security measures, however, more awareness-raising work is needed for open source to reach those responsible.

The IT industry is ready for it."

