Phishing attacks are booming. This not only affects the individual consumer, companies are also increasingly feeling the consequences of these cyber attacks. With e-mails and other messages as “Trojan horses” for malware, hackers are increasingly able to gain access to company and customer data, extort ransom for them and even paralyze entire businesses.
The phishing attacks are becoming more and more obscure: They manage to appear very authentic under the guise of bills, business e-mails or private messages. Many business leaders are desperate and even willing to pay millions in ransom money to save their businesses. These 5 phishing attacks have hit Germany particularly hard recently:
Russia's cyber attack on the German Bundestag
The cyber attack on the Bundestag in 2015 put the issue of cybersecurity high on the list of priorities in Germany. The attack was so severe that parliament even considered rebuilding the entire technical infrastructure. Even the IT experts of the factions concerned were unable to stop the flow of data - a sign of the professionalism of the attack. Now the case has come back into the spotlight: In May 2020, the Federal Prosecutor issued an arrest warrant for an employee of the Russian military intelligence service GRU. He was a member of an intelligence group known as "Fancy Bear". The EU is now adopting sanctions against the Russian secret service center for the first time.
"Wannacry" causes billions in damage
Wannacry ransomware has been attacking private individuals and companies around the world for over two years, causing damage worth billions. Wannacry is said to be behind every fourth ransomware attack in 2019. In addition to many private individuals, companies such as Deutsche Bahn and Telefónica were also affected. Much of the ransomware like Wannacry is spread via infected links or attachments that unsuspecting employees open. The inadequate protection of the affected devices as well as applications and operating systems that are not up to date are held responsible for the ongoing enormous success of Wannacry.
Cyber attack on the Fürth Clinic
In the winter of 2019, the media reported on a phishing attack that undoubtedly deserves its place on the list of the most damaging phishing attacks of recent times because it targets sensitive health data. Hackers targeted the German health sector, primarily targeting hospitals from which they wanted to extort ransom. The Fürth Clinic was forced to shut down all of its operations. The attacker's target was the hospital's IT system into which a virus had been smuggled. The usual care of the patients was made impossible. The result was that operations had to be canceled or postponed and new patients could not be admitted.
German energy and water supply in sight
The Palatinate energy and water supplier "Technische Werke Ludwigshafen" (TWL) was blackmailed by hackers in May 2020. They threatened to publish the private customer data of the 100.000 households served on the Darknet if the payment request in the millions were not met. The gateway was an infected attachment that was used to infiltrate the ransomware. The hackers put increased pressure on the company by also contacting customers. When TWL refused to pay, the hackers began releasing the 500GB of data. This had serious consequences, especially for the customers, from whom not only phone numbers and e-mail addresses were leaked, but also private addresses and bank details.
Manipulation of the Corona protection measures
Hackers don't stop at taking advantage of the global pandemic either. The German health sector is also affected by this cyber attack. The spear-phishing attack targeted a German task force of the federal government, which had been entrusted with the procurement of medical equipment such as protective clothing and masks for the German market and health sector since March 2020. The task force consists of nine companies, including Volkswagen, the pharmaceutical company Bayer, Lufthansa, the chemical company BASF and DHL. This task should be compromised with the help of the cyber attack on at least 100 executives. What is certain is that such an attack does not only apply to the task force, but indirectly to the entire population.
Increasing numbers of remote workers made it easier Phishing attacks
Company processes are increasingly digitized and mobilized. The increasing number of remote employees who also use private devices for their work presents managers with a new challenge. This is why companies have to invest more in their cyber security and the protection of company and customer data in order to avoid damage from phishing. Business and security officers are responsible for protecting all processes from unauthorized access, regardless of location and device, in order not to endanger business-critical areas and to avoid operational failures. It must be ensured that phishing attacks are detected and remedied across all mobile threat vectors. For a long time now, this has not only included company emails, but also SMS, instant messages and social media. The implementation of a comprehensive solution that secures all business processes fully automatically on stationary and mobile devices as well as applications has become indispensable due to the phishing boom.
More on this at Mobileiron.com
About MobileIron MobileIron is redefining enterprise security with the industry's first mobile-centric zero trust platform built on top of Unified Endpoint Management (UEM) to secure unlimited access to and protection of data across the enterprise. Zero Trust assumes that cyber criminals are already on the network and that secure access is determined by a "never trust, always verify" approach. MobileIron goes beyond identity management and gateway approaches by using a broader set of attributes before granting access. A mobile-centric zero trust approach validates the device, establishes the user context, checks the authorization of applications, verifies the network and detects and corrects threats before a secure access to a device or a user is granted. The MobileIron security platform is built on the foundation of the award-winning and industry-leading Unified Endpoint Management (UEM) capabilities with additional zero-trust enabling technologies, including zero-sign-on (ZSO), multi-factor authentication (MFA) and mobile threat Defense (MTD). Over 20.000 customers, including the world's largest financial institutions, intelligence services, and other highly regulated companies, have chosen MobileIron to provide a seamless and secure user experience by ensuring that only authorized users, devices, applications, and services access corporate resources can.