Economic war on the Internet

At the beginning of May 2021, one of the largest gasoline pipelines in the U.S. temporarily stops its operations completely. Cyber criminals had managed to encrypt data from the operator Colonial Pipeline with a "ransomware". They demanded a ransom for the release of the key with which the data can be restored. The company is paying $4.4 million to the computer hackers - in bitcoin. With the cryptocurrency, the identity of the recipient remains unknown for the time being, making it difficult to trace the attack. The next headline follows already at the end of May: JBS, the world's largest meat company, has to partially stop its production. Again, cybercriminals and ransomware were involved. The ransom in this case was eleven million dollars.

Criminals are increasingly using the Internet to make loot

The examples show: Criminals are increasingly using the Internet to make loot. Currently, ransomware is one of their most popular tools. "The blackmailers penetrate an IT system and use it to encrypt all data, so that a company can no longer operate," explains Professor Christian Rossow, senior researcher at the Helmholtz Center for Information Security (CISPA) in Saarbrücken. "With online banking becoming more secure in recent years, ransomware is a relatively easy and therefore common way to get money." To become infected with ransomware, a careless click on an email attachment can be enough. In other cases, criminals exploit previously unknown vulnerabilities in software systems ("zero day exploits"). Sometimes their victims make it even easier for them - by working with outdated program versions whose security vulnerabilities are generally known and could have been fixed with a simple update.

You don't have to be a technical genius to break into a computer system today

You no longer have to be a technical genius to penetrate a computer system today. "There are now regular markets on the Internet where you can get the necessary skills or ready-made malware," says Professor Jörn Müller-Quade, spokesman and initiator of the Competence Center for Applied Security Technology (KASTEL) at the Karlsruhe Institute of Technology (KIT). "An attacker only needs enough criminal energy - he can buy the rest." The lure is great: global turnover in cybercrime is higher than in drug trafficking, according to Müller-Quade.

In addition to criminal organizations, numerous states are also active as attackers in cyberspace. Espionage is one of their targets: "Governments, offices and companies offer a large attack surface with their diverse IT systems," says Rossow. "Malware can be used to record data streams or search files for information." The advanced persistent threats (APTs) observed in Germany currently originated mainly from Russia, China and the Middle East, he said. In addition to information gathering, state actors also focus on sabotage: the best-known example is the "Stuxnet" computer worm, which was discovered in 2010 and was intended to disrupt Iran's nuclear program. "Shortly thereafter, the Stuxnet successor Duqu was discovered, which apparently collected data for a later sabotage attack," Müller-Quade reports. "This is how the cyberwars of the future are being prepared."

Above all, critical infrastructures such as electricity and water supplies, as well as IT and telephone networks, are likely to be the first targets of attack in a cyber war. Their protection is therefore particularly important. "In extreme cases, you could take critical infrastructures completely offline," Müller-Quade explains. "In Israeli nuclear power plants, they use so-called data diodes that only allow information to pass through in one direction and thus prevent manipulation from the outside." Expert Rossow is also focusing on more protection through hardware: "Storages, in which data can be stored securely, are very much on the rise. Only authorized persons and secure, certified programs have access to them, so they can't be tapped by attackers." But it's crucial to raise awareness among users as well: Often, attacks only succeed because hackers have previously gained the trust of employees - who, for example, unsuspectingly open the attachment of an e-mail after this successful "social engineering".

Vigilance is therefore still required, and not only in the area of critical infrastructures

Vigilance therefore remains in demand, and not only in the environment of critical infrastructures. Those who want to protect themselves against cyberattacks should first follow a few basic rules: always use the latest versions of the operating system and application software; use a state-of-the-art virus scanner with up-to-date virus signatures; do not open any mail attachments if you do not know the sender. "Attachments from unknown senders can now be tested in sand boxes - these are servers in the cloud that can detect malware," Rossow reports. "But one thing has to be clear: We are in an arms race between attackers and defenders that will go on for years."

So cybercrime and government hacking activity are likely to be with us for a long time. "The wars of the future will be economic wars in which cyberattacks are crucial," Müller-Quade believes. "In part, we are already in the middle of it." At least the two experts also offer hope: On the one hand, programming languages, and thus the software written with them, are becoming increasingly secure. On the other hand, researchers are working on detecting and correcting errors in software systems with the help of analysis programs. In ten to 20 years, programs could thus be safe from attackers. However, the pace of technological development remains high - and no one can say today whether artificial intelligence and quantum computing will play into the hands of the attackers or the defenders. The arms race continues.