Whether it is data theft, DDoS attacks or ransomware: cyber criminals are becoming increasingly sophisticated and no one is safe from cyber threats. Nevertheless, many companies still do not take IT security seriously enough. IT service providers should therefore make their customers more aware of security vulnerabilities and possible countermeasures. Here is an overview of current attack methods.
The topic of cyber security is currently high on the agenda of all IT service providers. Since the beginning of the year, the cyber threat situation has intensified, more cyber-attacks are making headlines again and many Swiss companies fear for their data, the availability of their systems or the accessibility of their websites. For example, the Geneva-based International Committee of the Red Cross was the victim of a large-scale hacker attack in January 2022. According to the "Tages-Anzeiger," the attack compromised personal data and confidential information on more than 515,000 particularly vulnerable people. The data came from at least 60 national Red Cross and Red Crescent societies around the world.
Europe's largest car dealer Emil Frey was also targeted by cyber criminals in 2022: still-unknown cyber criminals blackmailed the Emil Frey Group, threatening to release nearly 300 gigabytes of "confidential data" they said they had captured in a January hacking attack. The hackers partially made good on their threat in early February this year, sharing a compressed file on a file hosting platform that allegedly contained customer data from Switzerland and Germany, according to the news platform "Watson".
IT service providers must increase their customers' awareness of cyber security
While cyber-attacks and data leaks don't always make headlines for smaller businesses, security vulnerabilities can have devastating consequences for companies of all sizes. Consequences range from financial losses to criminal prosecution to long-term reputational damage. At Xelon, we hear time and again that smaller companies don't take cyber threats, and therefore IT security, as seriously as they should. We therefore believe that IT service providers have a duty to raise awareness among their customers.
In our free e-book "IT Security: Trends 2022" (in German) you will find 5 articles about cyber security that are specifically geared towards IT service providers.
What cyber threats are lurking right now?
Well-known scams such as phishing, ransomware, Trojans, botnets and distributed denial of service (DDoS) attacks are still among the biggest cyber threats. Relatively new, however, are fileless attacks. These are a subset of so-called living-off-the-land (LotL) attacks and use tools and functions that already exist in the victim's environment. Fileless attacks do not rely on file-based payloads and, in most cases, do not generate new files. As a result, they have the potential to fly under the radar of many prevention and detection solutions. Typically, a fileless attack begins with an emailed link to an insecure website. Social engineering tricks on that website can launch system tools that retrieve and execute additional payloads directly in system memory. Distinguishing the malicious use of integrated system tools from their many legitimate automation and scripting uses is often a major challenge for traditional security measures. The use of system tools as backdoors has been around for decades, but according to cyber security experts, it is currently on the rise.
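One way to express that distinction as detection logic, as an added example that is not from the original article: it grades process-creation events by which process started a system tool and whether the command line points at remote content. The tool and parent lists, the event field names and the sample events are assumptions constructed for illustration.

```python
import re

# Assumed lists for illustration only; tune them to the environment being monitored.
SYSTEM_TOOLS = {"powershell.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
USER_FACING_PARENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe"}
REMOTE_REF = re.compile(r"https?://", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def assess(event):
    """Return (verdict, reasons) for one process-creation event."""
    if basename(event["image"]) not in SYSTEM_TOOLS:
        return "ignore", []
    reasons = []
    if basename(event["parent"]) in USER_FACING_PARENTS:
        reasons.append("system tool started by a browser or mail client")
    if REMOTE_REF.search(event["cmdline"]):
        reasons.append("command line references remote content")
    # Both signals together match the chain described above; one alone is
    # common in legitimate automation, so it goes to an analyst instead.
    verdict = {0: "ok", 1: "review", 2: "alert"}[len(reasons)]
    return verdict, reasons


# Constructed sample events (not real telemetry).
EVENTS = [
    {"parent": r"C:\Program Files\Microsoft\Edge\msedge.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe https://example.invalid/start"},
    {"parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\ops\backup.ps1"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\it\setup.ps1 -Source https://repo.example.invalid/pkg"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(basename(ev["image"]), *assess(ev))
```

The third event shows why a single signal is only worth a review: an administrator's setup script that references an internal package source looks the same on the command line as a remote retrieval.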
Sometimes cyber criminals identify vulnerabilities not in applications, but in process flows. In recent months and years, an increase in business process compromises has been observed. In these attacks, the perpetrators exploit systemic vulnerabilities to their financial advantage. Attacks on business processes require considerable knowledge of the victims' systems and processes. They often begin with a compromised system on the target network, through which the cybercriminals can observe the company's processes and gradually identify security gaps. These attacks on process flows are usually discreet and the affected organizations may not detect them in time. This is especially likely if, at first glance, the affected process continues to function as expected.
Security training can be a huge opportunity for IT service providers
"Many IT service providers are struggling with the fact that some of their customers are lax about IT security in the face of heightened cyber threats. For example, how many companies have employees come in and not receive security training either at the outset or on the fly? As an IT service provider, it can be an opportunity for you to offer security training to your customers," says Xelon CEO Michael Dudli.
Michael Dudli sees three points IT service providers need to consider when raising awareness among their customers:
- Awareness: New employees of your customers should be trained on possible dangers. These can be general topics that are independent of the company, such as social engineering or phishing. But there are also questions that are company-specific: What kind of important data do we work with? Where is it located? What do I need to pay attention to? What is confidential? What does data protection mean?
- Perimeter protection: "How often do you still see a web application protected only by a firewall and not by a web application firewall (WAF) that specializes in, detects, and intercepts attacks at the HTTP and HTTPS level? Of course, firewalls are needed everywhere. DDoS is also a big issue. Just a few weeks ago it came out that a record attack was blocked with it. It has to be considered whether an IT service provider can handle and block DDoS attacks at all. These are aspects that have to be taken into account to ensure perimeter protection. As an IT service provider, I have to guarantee the Internet connection and ensure that attacks are blocked at the perimeter level or even beforehand, for example at the Internet provider," says Michael Dudli.
- Endpoint protection: Protecting computers, laptops and servers from cyber threats should not be neglected either. Endpoint protection also includes backups of data and systems. Because smaller companies are increasingly affected by cyber attacks, as described above, companies of all sizes need a Plan B in the form of an IT contingency plan (disaster recovery plan). "I think it's important to have the onion principle. So there should be several layers that interlock and don't allow any permeability anywhere," explains Michael Dudli, CEO of Xelon.
In our e-book "IT Security: Trends 2022" (in German) you will find an overview of the current cyber threats and a security checklist for your customers. You can download the e-book free of charge here.
Stephanie Sigrist