Cyber security in the company
This allows you to classify malware and find possible countermeasures.
The aftermath of cyber attacks
Financial damage:
Ransomware attacks can force companies to pay a ransom in order to regain access to their data. Even without payment, high costs are incurred due to downtime and data recovery. But even variants such as cryptojacking incur additional costs: this puts a strain on companies' hardware, resulting in higher energy costs and additional wear and tear.
Loss of productivity:
Worms and viruses paralyse networks, which leads to considerable losses in productivity. Ultimately, employees are also unable to work during the resulting downtime. Even ‘spyware’ and ‘keyloggers’, apart from their actual malicious potential, slow down the system and disrupt work processes.
Reputational damage and loss of trust:
Data loss due to Trojans, backdoors or supply chain attacks causes lasting damage to the trust that customers and partners place in the company. Successful phishing attacks lead to customer and company data being compromised, which also damages a company's reputation.
Legal consequences:
Data protection breaches can have serious legal consequences, especially if confidential or personal data is involved. This can result in high fines or warning fees, especially in connection with the General Data Protection Regulation (GDPR). Compliance breaches occur when malware jeopardises the integrity of company data. This results in further legal and regulatory problems.
Loss of business secrets:
Criminals use spyware and RATs to steal confidential data or trade secrets, which can lead to a significant competitive disadvantage, especially if competitors become aware of it. A combined attack with hybrid malware sometimes extracts valuable information, which then enables industrial espionage.
Disruption to the supply chain:
Supply chain attacks affect not only the targeted company itself but also its partners and suppliers, which can lead to far-reaching disruptions throughout the entire production chain.
Costs for IT security:
After an attack, considerable sums are required to restore and subsequently improve the company's IT security infrastructure. (In most cases, these are exactly the sums that were supposedly intended to be saved beforehand.) This includes purchasing new hardware/software, training staff and revising security guidelines.
Viruses
Malicious programmes that spread by attaching themselves to legitimate files. They require human interaction, e.g. opening an infected file, in order to be activated.
Countermeasures
Antivirus software: Install and update regularly.
Email filters: Prevent infected attachments and links from entering the network.
Worms
Independent programmes that spread without human intervention. They infect computers through security loopholes and often spread via networks.
Countermeasures
Network segmentation: Limit the spread of worms.
Patch management: Regular updates of operating systems and applications to close security gaps.
Trojans
Disguise themselves as useful software to trick users into installing them. Once installed, they can gain access to sensitive data or download further malware.
Countermeasures
User training: Raise awareness of the safe handling of email attachments and downloads.
Application whitelisting: Only authorised software may be executed.
Ransomware
Locks users out of their own systems or data and demands a ransom for release. Common targets are companies and individuals who depend on their data.
Countermeasures
Regular backups: Back up important data regularly to enable recovery in the event of an emergency.
Two-factor authentication (2FA): Increases the security of user accounts that may be the target of ransomware attacks.
Spyware
Monitors and collects information without the user's knowledge. This type of malware is often used to steal personal data such as passwords or credit card numbers.
Countermeasures
Anti-spyware tools: Use specialised software to detect and remove spyware.
Privacy policies: Ensure that only minimal personal data is collected.
Adware
Displays unwanted advertising on the user's computer and can also manipulate the behaviour of the browser. Adware is often installed together with free software.
Countermeasures
Ad blockers: Use browser extensions to block harmful adverts.
Caution with freeware: Check the origin and integrity of free software before installing it.
Rootkits
They hide deep in the system and allow attackers to take control of the computer without the user realising it. They are particularly difficult to detect and remove.
Countermeasures
Security checks: Use rootkit scanners to detect suspicious activity.
Secure boot: Enable this BIOS/UEFI setting to prevent unsigned code from loading.
Botnets
Networks of infected computers that can be remotely controlled by an attacker, often for purposes such as sending spam or carrying out DDoS attacks.
Countermeasures
Firewalls: Block suspicious outbound traffic.
Behaviour-based monitoring: Detect unusual activity that could indicate a botnet.
Keyloggers
A type of spyware that records the user's keystrokes. This enables attackers to steal confidential information such as passwords and credit card details.
Countermeasures
Virtual keyboards: Use these when entering sensitive data.
Anti-keylogger software: Special tools that support the detection and removal of keyloggers.
Phishing
Not technically malware, but a method of tricking users into revealing sensitive information. Phishing attacks are often carried out via fake emails or websites that imitate trustworthy companies.
Countermeasures
Email security training: Train employees to recognise and report phishing attacks.
Domain-based Message Authentication, Reporting & Conformance (DMARC): Protect against spoofed emails sent from your domain.
Exploit kits
Tools developed to exploit vulnerabilities in software. They are often used by cyber criminals to smuggle malware onto computers.
Countermeasures
Regular software updates: Close known security gaps in software and operating systems.
Web application firewalls (WAF): Protect web applications from exploit-based attacks.
Scareware
A type of social engineering attack in which users are tricked into installing unnecessary or malicious software through misleading warnings. It often claims that the computer is infected in order to trick the user into paying for ‘repair services’.
Countermeasures
Educate users: Make sure users are aware of the typical tactics used by scareware.
Pop-up blockers: Minimise the risk by blocking unwanted pop-ups in the browser.
Backdoors
Hidden ways of gaining access to a system that bypass its normal security measures. They are often installed by Trojans and allow attackers to take control of the computer.
Countermeasures
Regular security checks: Check systems for unknown or suspicious access.
Firewalls and Intrusion Detection Systems (IDS): Monitor network traffic for unauthorised access.
Malvertising
Malicious adverts that are placed on legitimate websites. These adverts contain scripts that download malware onto visitors' computers.
Countermeasures
Ad blockers: Prevent exposure to malicious adverts.
Ad network monitoring: Ensure that trusted ad networks are used.
Logic bombs
Malicious programmes that are programmed to be activated at a certain time or under certain conditions. They can trigger harmful actions such as the deletion of data.
Countermeasures
Code review: Implement rigorous checks and testing procedures for new code.
Change management: Track all changes in the system and check for suspicious activity.
Fileless malware
Malware that runs in a computer's memory without leaving any traces on the hard drive. It is particularly difficult to detect and remove as it bypasses conventional virus scanners.
Countermeasures
Behaviour-based detection: Use solutions that detect unusual behaviour, even if no files are involved.
Memory scanning tools: Use tools that scan the memory directly for suspicious activity.
Cryptojacking
A form of malware that secretly uses a computer's computing resources to mine cryptocurrencies such as Bitcoin. This is often done without the user's knowledge and can significantly impair system performance.
Countermeasures
Endpoint Detection and Response (EDR): Deploy specialised solutions that can detect unusually high CPU usage.
Browser protection: Install extensions that block mining scripts.
Remote access Trojans (RATs)
These Trojans allow attackers to take full control of the infected system remotely. RATs are often used to steal data, monitor keystrokes or even activate the victim's webcam.
Countermeasures
Strong passwords and 2FA: Make unauthorised access to systems more difficult.
Application control: Restrict which applications can be run on end devices.
Supply chain attacks
This is a type of attack in which malware is introduced into systems via trusted software updates or supply chains. This method was used, for example, in the infamous SolarWinds attack.
Countermeasures
Review suppliers: Conduct thorough audits and security reviews of third-party vendors.
Software Integrity Monitoring: Monitor the integrity of software and updates before they are deployed in the organisation.
Bootkits
An advanced form of rootkit that embeds itself in the system's boot process. Bootkits load before the operating system and are therefore extremely difficult to detect and remove.
Countermeasures
Secure Boot: Activate this BIOS/UEFI function to prevent bootkits from loading.
Firmware monitoring: Regular checks and updates of the firmware to detect and remove bootkits.
Hybrid malware
This category combines several types of malware in a single attack. For example, an attack that contains both ransomware and a Trojan can be considered hybrid malware.
Countermeasures
Combined security solutions: Utilise security solutions that provide both network protection and endpoint protection.
Zero trust architecture: Implement a zero trust model that strictly controls access to resources.
Fake apps
Particularly widespread in the mobile sector, these are applications that mimic legitimate apps in order to trick users into installing them. Once installed, they can steal data or compromise the device.
Countermeasures
App store monitoring: Avoid downloading apps from unofficial sources.
Mobile device management (MDM): Rely on solutions that control and monitor app access on corporate devices.
IoT malware
With the increase in networked devices (Internet of Things, IoT), there is also specially developed malware that attacks these devices. IoT devices are often less well protected and can be recruited into a network of compromised devices (botnet).
Countermeasures
Network segmentation for IoT devices: Separate IoT devices from the main network to prevent the spread of malware.
Regular firmware updates: Keep the firmware of all IoT devices up to date.
Firmware malware
Attacks the firmware of devices, i.e. the software that is deeply embedded in the hardware. As firmware updates are rare, such malware can be extremely difficult to remove.
Countermeasures
Trusted Platform Module (TPM): Utilise hardware-based security features that monitor the integrity of the firmware.
Firmware scanning tools: Use specialised tools to scan the firmware for signs of malware.