There were no public reports about exactly how the malware managed to infect the system of a mechanical engineering firm in Munich. The malicious ransomware could have landed in an employee’s inbox as an email attachment disguised as a supposed invoice or advertisement. Once it was opened, no doubt chaos broke out all over the company. What is certain, however, is that the company was hit with a cyber attack in November 2018. With grave consequences: the control systems in production and assembly couldn’t be restarted because the ransomware had encrypted the necessary computer data, rendering it unusable. The company’s production capacity was severely limited for weeks on end. To be on the safe side, email connections to customers and suppliers had to be cut off, and a number of IT servers shut down so that the attack wouldn’t spread even further. The perpetrators allegedly demanded a ransom. No information about the financial losses was made public. At any rate, a massive amount of work was required to get the company back up and running again.
Volker Baier deals with cases like these every day when he reads about the newest cybercrime weapons in the internet forums of the hacker scene. “I’m a hacker myself,” he says. Baier is the chief information security officer at sec-IT, a TÜV SÜD subsidiary. In contrast to the criminal hackers, known as black hats, Baier doesn’t use his knowledge to harm people or organizations. Instead he actually fights cybercriminals by finding and closing security gaps in companies’ IT and computer systems. Baier is what is known as a white-hat hacker, one who hasn’t gone over to the dark side.
“Ultimately what it always comes down to is people attacking other people.”
Hassan Moradi, Team Leader Penetration Testing
Pirates and Ninjas and Spies: Oh My!
“To realistically test a company’s security, I have to think and approach it just like a criminal hacker would,” Moradi explains. He coordinates sample cyber attacks by the good guys as team leader for Penetration Testing. The white hats use a variety of methods for their attacks: “During Penetration Testing, we hijack many security gaps and capture as much data as possible—kind of like pirates,” he notes. During “Red Team Exercises,” in contrast, he and his colleagues sneak in very quietly, like ninjas, and attack a very specific location, for instance a customer database or production controls.
Sometimes the white hats even work like traditional spies. Disguised as alleged visitors or suppliers, they sneak into a company and set out data storage devices, like USB sticks, containing malware. If an unsuspecting employee inserts one of those USB sticks into their computer, it triggers the cyber attack—naturally all completely legal and only with the customer’s consent. “Hackers may be using technology, but ultimately what it always comes down to is people attacking other people,” says Moradi.