The manufacturing industry is becoming an increasingly attractive target for attacks. Anyone who wants to disrupt operations at a company in this sector would attack the supply chains. If, for example, a supplier was attacked by malicious software, the company may run into difficulties delivering ordered goods and may risk contractual penalties. The manipulation of production goods can also be lucrative here - there have repeatedly been cases in the past in which brand-new mobile phones were delivered with pre-installed malware to end-users.
Malware can also have a direct effect on production, for example when important control systems are affected by Ransomware – that may paralyze the operation of a CNC machine. The manipulation of production data is also conceivable: If, for example, an attacker gradually increases the manufacturing tolerances for certain components, this could, in the worst case, lead to a further loss of quality, damage to people and property as well as a company's good reputation. "Particularly in the industrial sector, there are control systems that are written off over 20 years or more. Special safety measures are required here to ensure that legacy devices do not leave the rest of the infrastructure vulnerable," says Tilman Frosch, Managing Director of G DATA Advanced Analytics. "Often, individual components can no longer be patched because support has been phased out years ago. Isolation of the vulnerable devices through virtual networks and firewalls can provide a remedy if the devices cannot be replaced at short notice".
New attacks require better procedures
Especially in the business environment there is a lot of money to be made for criminals. Therefore, more and more work is being put into the development of powerful malware. The criminals also try to bypass behavior-based defense mechanisms of antivirus programs, for example by preventing malware from trying to establish a permanent foothold on a system (or "create persistence") immediately after it is launched. "The time span a Behavior Blocker has to observe is getting longer and longer," says Andreas Lüning, founder and CEO of G DATA Software AG. "Here we are already working on a new technology to effectively defend against this type of malware in the future."
Doe the fact that small and medium-sized companies in particular only have limited security budgets, another trend is becoming more important: the outsourcing of IT services. Companies have been outsourcing large areas of their own IT infrastructure and administration to IT system houses for years. In the coming years, external security service providers such as G DATA Advanced Analytics will also play a much greater role. Because only 0.2 percent of companies have the money to really be able to comprehensively manage and execute IT security on their own.
Criminals spy on their victims
There will also continue to be a lot of movement in the area of criminal business models, especially when it comes to attacks against corporate networks, for example with Ransomware. If attackers have so far often relied on mass, class is becoming increasingly important. Although we expect the number of individual cases to decline, the amount of damage per case will increase drastically. The highest ransom demanded in 2018 was already half a million euros.
Attackers will resort to cherry picking in the future and will choose their targets more carefully. It will be determined beforehand, which companies promise success. In the run-up to the attack, perpetrators will have searched specifically for business figures that provide information about the economic strength of a company.
Based on these figures, they will then make ransom demands, of which they know quite well that the affected company can afford the payment without endangering its economic survival. Many of these attacks are carried out "by hand". Because the potential profits are high, the effort for the attackers should be worthwhile.
In the course of the considerably stricter conditions under the General Data Protection Regulation, another business field has opened up involuntarily: the threat of selling data or reporting a data leak directly to the responsible state data protection authority. The latter would be even more unpleasant for a company because such reports must be made public. Criminals could take advantage of the fear of public exposure and the drastically increased fines.
In our forecast for the year 2018, we had predicted an increasing importance of crypto currencies. This prediction has come true - crypto miners actually became a problem in many places in 2018. Numerous websites also delivered mining software that unnoticed used the computing power of other PCs via WebAssembly without the knowledge of the users to dig for crypto currencies. The proliferation of crypto miners also sometimes brought strange blossoms, such as paper notices on supermarket parking lots.
Virtual currencies become a problem for businesses when attackers succeed in hijacking a cloud platform used by the business, such as AWS. The unlimited scalability of such a platform can quickly become a financial problem for an enterprise if an attacker places cryptomining software on the platform and lets it mine virtual money. Without limiting scaling, the attacker benefits from the high computing power that the attacked company has to pay.
The GDPR will have an effect
Reports on actual sentences imposed on the basis of the basic data protection regulation will increase in the coming months once the first trials have been completed and the first judgments handed down.
For example, a Portuguese hospital has already been fined 400,000 euros (link will open in a new window) because too many employees had access to certain patient data in the case in question. The hospital in question officially has 296 doctors, but there were more than 900 user accounts with corresponding authorizations. Hospital has already filed an appeal.
Penalties are also measured by how companies design their own security infrastructure and how well they cooperate with authorities . German chat provider Knuddels, for instance, was fined around 20,000 Euros after attackers managed to capture a large amount of user data. The reason the company got away with little more than a black eye was that company had reported the incident at an early stage and also cooperated with the authorities in the further course of the incident.
At the end of 2018, another spectacular data leak at the Marriot Hotel Group made the headlines. Approximately half a billion customer records were temporarily accessible to unauthorized persons - and this at least since 2014. It is to be expected that here for the first time one of the more drastic penalties provided for by the basic EU data protection regulation will apply. In any case, a ruling should have a signal effect, even if all court proceedings are not expected to be concluded before 2020. The Marriott hack also showed that the new rules do not immediately lead to the establishment of clear responsibilities.