Identity security

3 reasons to invest in digital identity security

Our world is increasingly digitized and in many areas only takes place online. This also increasingly applies to our everyday working lives; companies are networked in the cloud thanks to communication and collaboration tools. Our systems such as CRM or ERP have also been outsourced to the cloud for better data availability. At the same time, questions are now increasingly being asked about the best possible protection for this outsourced infrastructure. It has become clear that VPN and virus protection alone are no longer sufficient to reliably protect your company’s IT from unauthorized access.

For this reason, you should definitely consider meaningful identity management and deeper protection of your employee identities, if you haven’t already done so. This includes the question of how your employees can identify themselves digitally, so that they can protect themselves from misuse of their own identity and its consequences. We’ve rounded up 3 key reasons why you should invest in digital identity security in your organization now, at the latest.

Secure tomorrow’s workplace today

The future is digital—that also means remote! True, remote work has existed before 2020. But 2020 was a booster for faster digitization in office applications. “Digital-only” therefore already applies to collaboration and communication. Despite the misgivings of many companies, employees have coped surprisingly well with this. They have quickly learned to anticipate these new ways of working and reap the benefits for themselves. But this is only part of the story. Although the introduction of communication and collaboration tools has been well received, network security and, in particular, the safeguarding of employee identities have often been neglected. The priority was to get operationally up and running quickly; thinking about IT security was a second step if it was thought about at all.

Yet the shift of (working) life to the digital world has created the perfect conditions for cybercrime. Phishing and social engineering attacks on companies have increased as a result of the crisis. By introducing a second factor to secure applications, companies prevent identity misuse. After all, only those who can identify themselves twice, with a 2nd factor known only to them, will ultimately gain access to a file or system. Sensible and restrained access management also ensures that only those employees who really need access to sensitive areas of your corporate IT have it.

Improved usability increases employee satisfaction

Today, we expect a high level of usability and a consistent user experience with our applications. No longer just in our private lives, but also in the applications we use at work. Passwordless login increases the productivity and acceptance of your employees: because they don’t have to remember a multitude of complex passwords and can log on to their PC and applications with a single click. The combination of a multifactor authentication solution with single sign-on functionality allows fast, convenient, and uninterrupted switching between different applications. Without compromising on security.

Simplify your compliance processes

Centralized management of user identities and simplified login via single sign-on increase the productivity and effectiveness of your employees in the long term. Lengthy processes for (repeated) logins to individual applications and mandatory password changes in specific cycles are eliminated. Life is also easier for your administrators, who can dispense with complex password policies and the need to enforce them. With MFA, even a simple, insecure password becomes part of a secure login that meets the highest security requirements.

At the same time, with a sensible Identity and Access Management and a secure multifactor authentication method, you introduce an important milestone to protect your corporate compliance. After all, the theft of (employee) identities poses a profound threat to your company; the compromise of your IT landscape and the possible associated data loss can be followed by data protection lawsuits and corporate compliance investigations. These are often more expensive than the actual damage caused by lost productivity.

Phishing

The consequences of phishing attacks for companies

Phishing attacks on companies are on the rise. You would think that everyone would be familiar with the term. In fact, a recent report from Proofpoint showed that many employees are unaware of what phishing actually is. And they are therefore unable to assess how they could be affected by it. And, ultimately, how they can protect themselves from such attacks.

That’s why we’d like to start by defining the term before going into what consequences this has for companies. And we show you what simple tools can help with prevention.

Where do we face phishing?

Phishing describes the process by which fraudsters attempt to obtain personal data using forged e-mails, instant messages, or websites. A special form is so-called vishing, in which this fraudulent process is carried out via the telephone.

In the case of private individuals, the aim is usually to obtain payment and identity data or passwords directly. A variation is the (surreptitious) download of malware, whether in the form of ransomware to extort a ransom after data encryption, or to form a so-called botnet. The latter allows the PC to be remotely controlled, so that it can become the starting point of another wave of infections, for example.

In the business environment, phishing attacks do not necessarily primarily target the individual concerned. Often, the entire company is at the center of such attacks. Even if companies still have weaknesses in their technical security, the phishing phenomenon shows that people are the most fragile link in the security chain. This is because people are targeted using mailings or telephone campaigns to elicit relevant information from them. Employee awareness training repeatedly shows how carelessly employees pass on information or follow (dubious) links during good social engineering campaigns.

For a large-scale social engineering campaign against a specific company, tapping user and access data can certainly be the first step. Often, however, the actual attack is preceded by espionage attempts. Perpetrators use fictitious e-mails and/or phone calls to specifically identify people responsible for the finance or IT departments, for example. This enables them to launch the actual attack on the company at the right point. These targeted attacks on the upper management level are often more successful than an untargeted attack on individual employees since a broad information base is available here; built up via external as well as internal sources.

Possible campaigns on companies

Lucrative profits alone are the focus of phishing campaigns against companies. Small and medium-sized companies and large hidden champions are particularly often targeted by fraudsters. Because of their low profile, they often lull themselves into a false sense of security and neglect the protection of their networks and systems. This is a fatal mistake, since weak security systems and access restrictions, as well as a lack of investment in employee awareness and training, can be very costly.

One form of social engineering campaign that has become increasingly common is CEO fraud, also known as business email compromise. In this case, e-mails are sent to employees in the name of superiors up to the top management level to obtain their data. At the same time, however, executives, in particular, are also targeted by cybercriminals.

In addition to such targeted campaigns, attackers also continue to use classic methods, such as fake links or attachments to supposedly download business-relevant documents. Especially in the business environment, where employees are under pressure to open files or follow up on information, attackers have an easy time if they target relevant topics.

The consequences for companies

A successful phishing attack can cause several major problems for businesses. We have summarized the most common consequences and causes in the graphic.

Infographic: Phishing

Well protected thanks to MFA and IAM

When dealing with phishing, it is essential to particularly safeguard the human factor. Even the best firewall or the latest anti-virus program is of no use if an employee reveals company information or access data, whether on the phone or via a fake e-mail link. At least against the latter, you can protect yourself and your company using sensible identity and access management and MFA (multifactor authentication).

One example of such software is DoubleClue, which combines both. Find out more about all the benefits of using DoubleClue here.

Digitization and remote work

Digital Collaboration—IT security while working from home

The past year was a catalyst for the digitization of German companies. This relates in particular to how and especially where we worked. Many companies suddenly, and in most cases abruptly, started to work from home.

According to Bitkom, almost every 2nd employee was affected by this development in the spring. However, this accelerator of many digitization projects also has downsides, since the attack surface for cyberattacks has increased as a result of the decentralized IT infrastructure. We should therefore take a look at how well IT security has been ensured during this time, and especially ask ourselves: What can we learn from this for the current wave of working from home?

IT security or smooth operations while working from home?


This should not be an either/or decision! Yet reality has shown that it certainly was one, and unfortunately it is again today. Many companies reacted to the crisis by introducing new cloud and collaboration tools, such as MS Teams or Zoom, to support the decentralized way of working. Often, however, the question of the security of these applications, which were operated almost exclusively via private Internet lines, fell by the wayside.

Virtually overnight, employees—and with them, the IT they use—have started to work from home. Since many companies were not prepared for such a situation, this also meant that their IT structures were not designed for remote work at all. Therefore, the priority here was to create structures that kept the daily business alive despite the home office—which often meant that questions about security took a back seat.

Lack of security standards while working from home


Both companies and employees had to consider so many things: How do I deal with the fact that my company laptop is running on the same network as my in-house network printer, the private laptop as well as my children’s smartphones? How can I ensure that the private network printer does not allow intrusion into the company network?

Responsibility for the security of home networks and the devices used is often passed on to employees. Often, however, the basics of IT security are lacking, such as training in security-relevant behavior, for example, in the case of phishing e-mails or fraudulent websites, or the necessary infrastructure for working from home.

A survey by Computerbild makes it clear that basic security measures were not being used: Only just under two-thirds of respondents said they had password protection for their computers and installed virus protection programs. And only just under half mentioned the (necessary!) separation of devices used for private and business purposes. VPN connections and multifactor authentication (MFA) were ultimately affirmed by only about one-third of respondents. This clearly shows that only just under a third of all home workplaces meet these IT security standards.

Whose IT security is affected while their employees are working from home?


In short, everyone’s.

However, small and medium-sized companies, in particular, lull themselves into a false sense of security; in fact, size is no guarantee that they will not be affected by ransomware attacks or similar attacks. According to a recent Bitkom study, it is small and medium-sized companies that are particularly lucrative for extortionists; unlike large companies, they often have no way of bridging economic downtime and the associated costs. A “small” ransom of a few 100,000 to a single-digit million figure often seems to be paid more quickly here than waiting for lengthy decryption processes with an uncertain outcome. Multinational players have completely different (financial) options here.

The human factor as the greatest target


Yet it is almost always the human factor that poses the greatest risk to your company’s security. The algorithms and the AI that underlie today’s virus scanners and threat protection are so good and sophisticated that they detect malware well. Unfortunately, humans often don’t: In the morning, we want to briefly skim through the mails over a cup of coffee. We are still tired, perhaps also under time pressure; especially in such situations, we are inclined to open an attachment or follow a link without closer examination. Especially in our own homes, such carelessness is fatal: the infrastructure is less protected, and the antivirus programs may not be up to date. A single infected PC can then paralyze your entire IT infrastructure.

In addition to carelessness, attackers also rely on emotions, and data and personal (identification) information are thus often revealed willingly. Malware spam inherently uses social engineering methods to play on people’s fears and concerns. Central themes in recent months have been the new insecurities associated with the Corona crisis: supposed instructions from superiors, authorities, or colleagues. Today, well-crafted malware spam can hardly be distinguished from genuine requests and is also not intercepted by Mail Protection. This also becomes clear when you consider how well hackers have succeeded in tapping personal data via fake Corona help pages. Currently, the LKA in North Rhine-Westphalia, for example, is warning against such offers.

The consequences of a ransomware attack


Ransomware is malware that prevents access to local data or a network by encrypting and/or stealing data. The aim is usually to extort ransom money to unlock the data. Another extortion method is also the threat of successive publication or sale of sensitive data on the Internet if payment is not made.

Ransomware is usually spread via links or attachments in e-mails, with the spreaders relying on advanced social engineering methods and, in particular, exploiting professional constraints or emergencies. After all, without human assistance, infecting the PC is almost impossible, or at least unrealistic. The human factor is the biggest vulnerability in your system: even though programs have bugs and loopholes, an attack via humans themselves is less time-consuming and resource-intensive.

The damage of such attacks—both financially and in terms of reputation—is enormous. Only very few companies are adequately secured against ransomware attacks, although around three-quarters of German companies are affected by data attacks. The damage is often in the millions, as ransomware encrypts systems and data, making it impossible to continue working. If backups are also encrypted, which are often just as vulnerable to attack as the original data due to their location on the servers, companies must reckon with definitive data losses. Since most ransomware attacks rely not only on encryption but also data extraction, even after successful decryption, further data protection lawsuits by those affected are to be expected.

These measures secure your IT


So you see: In addition to the technical component, the human factor, in particular, must be included when securing your IT systems. After all, the human factor is THE weak point in your IT system.

Short-term measures such as the strict separation of private and professional devices are a good start for the current situation. In the long term, however, you need a holistic strategy that starts with the choice of technical solutions used. This includes VPN clients, cloud applications, firewalls, and anti-virus programs. Ideally, these building blocks go hand in hand, so that the maintenance effort for your IT infrastructure is reduced.

It is also essential that you become even more aware of the importance of the human security risk—and take active measures. This starts with training courses on social engineering and manipulation. This training should not only focus on the basic problems but also explain the technical aspects. Only then can a basic understanding of the dangers of such attacks emerge.

Become aware of the importance of identity protection! Today, this can be secured with simple means such as multifactor authentication. This also kills two birds with one stone: modern multifactor authentication relies on passwordless login methods and single sign-on. This not only protects your IT but also offers your employees a simpler and more effective work experience.

DoubleClue – Your protection for the human factor


Therefore, we advise you to implement an improved identification policy in your company. Using multi-factor authentication, users must identify themselves through a second component when logging on to different applications or devices. This ensures security against unauthorized use by third parties. Multifactor authentication is especially important for all those employees who have administrative rights or remote access rights to third-party servers and devices. No matter how well you train your employees, a technical barrier that prevents unauthorized access without exception is mandatory, as a single human error by a single user is enough to cause maximum damage.

Your advantages when implementing DoubleClue

  • Short roll-out time: In total, you need about one day to secure your corporate network against external attacks with multifactor authentication
  • We accompany you completely during implementation and roll-out and offer you full support afterward

Request your 30-day free trial here.

ePA

How secure is the Electronic Patient Record?

Since the beginning of the month, the Electronic Patient Record has been available in Germany, in which insured persons can store and manage their data in a central location. The central storage of their health data is intended to facilitate communication between patients and doctors. In the initial phase, however, patients will have to take care of filling their digital files themselves. There are also still data protection concerns: Patients will not be able to select which doctor has access to which parts of the medical record until 2022. For the time being, anyone who wants to use the Electronic Patient Record provides their doctor with all the information it contains – or none at all.

What is an Electronic Patient Record?

The Electronic Patient Record allows patients to voluntarily store their health and diagnostic data centrally in one place. The information it contains can be shared with doctors, pharmacies, and hospitals to shorten treatments or prevent duplicate examinations. In the future, patients will also be able to use the app to manage the information it contains. They can then decide which doctor can see which information. The digitization of bonus books, vaccination cards, and maternity records is also planned for the future.

When does the Electronic Patient Record come into effect?

Patients will be able to have their health insurers issue the Electronic Patient Record from the beginning of 2021. For the time being, however, they will have to fill it out themselves. Until July, it will only be available to around 200 practices and hospitals on a trial basis; only then will its use be extended to the whole of Germany. The health insurers, on the other hand, have no insight into the stored data, even though the Electronic Patient Record is intended to provide communication channels to their own health insurer. This prevents the insured person from suffering any disadvantages as a result of diagnoses or findings.

How secure is my data?

The Electronic Patient Record stores patient data in encrypted form. Data is exchanged with doctors and other healthcare facilities via the so-called telematics infrastructure (TI) network. However, critics have identified security deficiencies here: For example, the TI’s virus protection is said to be insufficient to actually protect sensitive health data reliably. Lax IT security measures in medical practices can also be a security risk. Easy-to-guess passwords or shared admin and access rights are unfortunately still commonplace in many medical practices. You can also read a comprehensive review of the current state of data security in healthcare, as well as the criticism of the telematics infrastructure, in our blog post here.

Cases from abroad, such as a successful hacker attack in Finland, have also shown how weakly protected our sensitive healthcare data still is. Experts, therefore, advise being selective about what information you want to include in the Record. The inclusion of psychotherapeutic documents is currently not advisable. This is because such data could have negative consequences for those affected when looking for new insurance companies or employers, should this data fall into the hands of third parties without authorization.

Here, too, the risks and benefits of the Electronic Patient Record must be weighed up. On the one hand, centrally stored data enables faster and more cost-effective treatment. This saves time, costs, and nerves on both sides. However, if this sensitive data falls victim to a cyberattack, the insured person may suffer disadvantages, the consequences of which cannot yet be assessed.

Will you use the Electronic Patient Record? Join the discussion here.

DDoS attack on vaccination portal

DDoS attack on vaccination portal

At the end of December, vaccination against the COVID-19 virus began in the European Union; it has now become known that a cyberattack on the vaccination portal of the Association of Statutory Health Insurance Physicians in Thuringia and the Thuringian Ministry of Health had already occurred in December. This was probably a so-called DDoS (Distributed Denial of Service) attack. As the vaccination center announced, the servers were overloaded by a high number of requests and collapsed as a result. Booking vaccination appointments via the site was therefore initially not possible.

What is a DDoS attack?

This form of cyberattack is an attempt to paralyze a server, a website, or even just parts of a website. For this purpose, countless (and pointless) requests are sent to the respective server within a very short time. How many requests are necessary depends on the server’s capacity. In Thuringia, about 158,000 requests were necessary.

The requests are usually sent by a mixture of botnets and reflectors. Botnets are infected devices that the attacker can control directly by means of malware. These “zombie” computers then send misleading connection requests to other computers, which are called reflectors. These reflectors do not necessarily have to be infected themselves, because here attackers exploit a characteristic of our modern devices: they “answer” queries they receive. In this way, attackers can get by with a comparatively small botnet and also cover their tracks, since devices that are not themselves compromised now also support the attack.

Who is the target of DDoS attacks?

The good news, if you will, upfront: the target of such attacks is not private individuals. Such attacks usually target large websites and opinion leaders – but also, as the current case shows, the healthcare sector, governments, or banks. In other words, important and critical infrastructure. This is why some security experts classify DDoS attacks in the realm of digital warfare, as they can paralyze critical civilian networks and thus harm society.

It is important to note, however, that a DDoS attack does not primarily have monetary goals. It is often about protesting against a site that does not correspond to one’s own political opinion. Or even just to prove that one has the skills to carry out such hacks. These attacks become really critical when the primary goal is not to cripple the site, but other actions are running in the background. The superficial distraction facilitates the cover-up of a more serious hack in the background. If critical infrastructures are affected, a ransom demand can also follow in order to release the server as quickly as possible and get it up and running again.

For the current case, however, the background of the act is not further known.

How can you protect yourself from a DDoS attack?

Since you as a private individual are not the primary target of such an attack, the sobering answer here is: very little to nothing. However, your primary goal should always be to protect your PC as best as possible against malware being installed. After all, this is how you can at least prevent yourself from becoming part of the botnet. Therefore, always update your virus software on the devices you use in a timely manner. The router also plays an important role in protecting your network and should therefore always be up to date. The same applies to your passwords. Wherever possible, set up modern password protection with multifactor authentication. A password manager can help you keep track of your passwords.

As a web administrator, you basically have options available to defend against such attacks. For example, if you notice an unusual data stream in time, you can redirect it to a “black hole” (= a non-existent server). A bandwidth management tool as well as good virus software will help you in advance to fend off simple DDoS attacks if necessary. The last option is to rent a higher bandwidth to ensure availability despite high traffic. For your users, unfortunately, the only option is to wait until your service is available again.
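As an added example that is not part of the original post: one way a web administrator can spot the “unusual data stream” mentioned above in ordinary access logs. The script slides a time window over constructed log lines (not real data), flags windows in which the request count exceeds a threshold, and reports how many distinct client addresses were involved, since a single noisy client can simply be rate-limited while a distributed flood needs upstream filtering or a blackhole route. The window size, thresholds, log format, and addresses are assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta, timezone

# One Apache/nginx-style access-log line, e.g.
# 203.0.113.7 - - [28/Dec/2020:09:00:02 +0100] "GET /termin HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (timestamp, client ip, request line, status) or None if unparseable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ts, m.group("ip"), m.group("req"), int(m.group("status"))


def detect_flood(lines, window_seconds=10, max_requests=100, min_sources=20):
    """Slide a time window over the log and report periods in which more than
    max_requests arrived within window_seconds. Each report carries the peak
    number of distinct client addresses seen in the window: a handful means one
    noisy client, many means a distributed flood (thresholds are assumed values)."""
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    window = deque()            # (timestamp, ip) of the requests inside the window
    floods, current = [], None
    for ts, ip, _req, _status in events:
        window.append((ts, ip))
        while (ts - window[0][0]).total_seconds() >= window_seconds:
            window.popleft()
        if len(window) > max_requests:
            sources = len({w_ip for _, w_ip in window})
            if current is None:         # threshold crossed: open a new report
                current = {"start": ts, "end": None,
                           "peak_requests": len(window), "peak_sources": sources}
                floods.append(current)
            else:                       # still flooding: track the peaks
                current["peak_requests"] = max(current["peak_requests"], len(window))
                current["peak_sources"] = max(current["peak_sources"], sources)
        elif current is not None:       # rate dropped back below the threshold
            current["end"] = ts
            current = None
    for f in floods:
        f["kind"] = "distributed" if f["peak_sources"] >= min_sources else "single-source"
    return floods


def log_line(ts, ip, request, status):
    """Format one constructed access-log line in the layout LOG_RE expects."""
    return '%s - - [%s] "%s" %d 512' % (ip, ts.strftime("%d/%b/%Y:%H:%M:%S %z"),
                                        request, status)


def build_sample_log():
    """Constructed sample traffic, not real data: 60 s of ordinary appointment
    requests (2 per second from five clients in 203.0.113.0/24), then 5 s in which
    120 constructed addresses in 198.51.100.0/24 send 600 requests, then quiet."""
    base = datetime(2020, 12, 28, 9, 0, 0, tzinfo=timezone(timedelta(hours=1)))
    normal = ["203.0.113.%d" % i for i in range(1, 6)]
    lines = []
    for s in range(60):
        for k in range(2):
            lines.append(log_line(base + timedelta(seconds=s), normal[(s + k) % 5],
                                  "GET /termin HTTP/1.1", 200))
    for n in range(600):
        lines.append(log_line(base + timedelta(seconds=60 + n // 120),
                              "198.51.100.%d" % (n % 120 + 1),
                              "GET /termin HTTP/1.1", 503))
    for s in range(65, 80):
        lines.append(log_line(base + timedelta(seconds=s), normal[s % 5],
                              "GET /termin HTTP/1.1", 200))
    return lines


if __name__ == "__main__":
    for f in detect_flood(build_sample_log()):
        print("%s flood from %s to %s: peak %d requests per 10 s from %d addresses"
              % (f["kind"], f["start"].time(),
                 f["end"].time() if f["end"] else "?",
                 f["peak_requests"], f["peak_sources"]))
```

On the constructed sample the report shows one distributed flood starting at 09:01:00 with a peak of 610 requests in 10 s from 125 addresses, while the ordinary traffic before and after stays below the threshold.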

Digital Transformation

Digital Transformation and Cybersecurity

Digital transformation and the associated (IT) change management have evolved from buzzwords to important drivers in companies. German SMEs are also catching up with these important developments, albeit still hesitantly. Many entrepreneurs shy away from major upheavals in their IT landscapes. Often, they are also faced with the question of how they can drive these important fields forward without the important topic of cybersecurity falling behind.

The increasing networking of all machines, as well as business processes, means that entire IT landscapes are at risk from external influences. Therefore, in addition to a digital strategy, a security strategy based on it should also be introduced in the company. This also means that the budgets for corporate IT must be adjusted. After all, a technical upgrade without security measures in the background is on shaky ground.

Here are some important tips

Dismantle isolated solutions

IT structures are usually evolved solutions that have been expanded and supplemented whenever necessary for the respective business model. These isolated solutions are connected via different interfaces, sometimes well and sometimes poorly, but sometimes they simply exist side by side, so that each branch or subsidiary has its own solution. It is obvious that in such a landscape not only the application structure is confusing, but also the security of the systems is often rather nebulous. Each system must be protected separately, and if the network and security plans have not been properly documented and passed on, for example when an employee leaves, important protection and security measures may not have been properly checked and adapted.

In addition to economic reasons, the security aspect should also be reason enough for most companies to dismantle these heterogeneous, poorly networked IT landscapes and replace them with an end-to-end application and network landscape. This saves costs and resources in setting up and maintaining company networks and ensures uniformly high security standards in your company.

Do not rely on top-down communication

When describing the approach of German companies to digitization, one often encounters the terms “hesitant,” “slow” and “risk-averse.” Nevertheless, it is clear that something is happening, but also that SMEs, in particular, are having a hard time, especially when it comes to introducing new systems, which may also entail the introduction of new processes. Especially at the management level, people are too attached to the old, which they then want to transform into the new. This does not work, particularly because the employees are not included in the process. Digital transformation and change management thrive on dialog, and especially on bottom-up communication. Yes, you read that correctly. Your employees are the key to the success of your digital transformation process.

Therefore: Take your employees with you

This means two things: learn from your employees. The younger, tech- and IT-savvy generation, in particular, wants to, and especially can, get involved. They contribute ideas. And more importantly, they will provide and implement knowledge. At the same time, it is also important to take along those employees who are rather critical of new technology and the associated change. Take their concerns seriously and address them in your IT and security concept.

But it also means that you should invest in your employees’ knowledge of cybersecurity. Important here: all employees who work in your network and access at least one of your systems or one of your deployed applications. Because no matter how well your company is technically positioned in terms of cybersecurity, the biggest weak point in your security network is the human factor: phishing and social engineering attacks are becoming increasingly sophisticated. That’s why you should optimally prepare your employees for such an emergency through training and testing. In this way, you can proactively close gaps for attackers in the best possible way.

Be proactive

Many companies, but also private individuals, still underestimate how important it is to invest in preventive security measures. As a result, the budget for digital transformation in companies is often large, but the budget for the associated security mechanisms is incomparably smaller. This “what could possibly happen to us?” mentality can quickly become very expensive. Even if it doesn’t seem like it at first: investing in security upfront is much cheaper than reacting to damage that has occurred.

Have you been hacked? That means downtime, possible data loss, but even worse: loss of reputation and, in the worst case, dwindling order numbers due to late deliveries or due to your customers’ lack of trust in you and your compliance.

You see: Acting pays off. Reacting can therefore only ever be the last resort.

Your benefits from a digital transformation based on Cybersecurity

Application and data security and availability

High-security standards ensure that your employees always have access to the applications they need. This is the only way to ensure that business processes run smoothly. At the same time, you protect your company’s data and that of your customers. In addition to operational processes, this is also more than necessary concerning legal regulations.

Best user experience, first-class compliance management, and cost-efficiency

Networked systems allow your employees to quickly and easily switch between applications with similar user interfaces. This saves a lot of time when learning new programs, but also in the daily workflow. At the same time, with such networking, these systems must be adequately protected so that they cannot be compromised. This sounds costly at first, but imagine the effort if you had to install and maintain security mechanisms at the same high level on every single application. This way, you make things easier for your IT, as well as for the end-user at the workstation. And you can deliver a higher security standard for a lower budget.

Corona vaccine

Corona vaccine data targeted by hackers

On Wednesday evening, unknown hackers managed to penetrate the system of the European Medicines Agency (EMA). In doing so, they were able to capture individual pieces of information on a Corona vaccine that is currently in the approval process. The authority is currently reviewing the approval of the vaccine developed by the Mainz-based company Biontech and the US pharmaceutical giant Pfizer. EMA has not yet disclosed exactly how many and which data are involved.

Who has an interest in data on the Corona vaccine?

It is also still unclear who is responsible for the attack. Experts suspect that secret services, for example from Russia or China, are behind the attack. However, this has not yet been proven. Nevertheless, there are indications that this was a state-initiated attack: the initial approval of an effective and low-risk Corona vaccine is more than just a prestige project for a nation; it is of great economic value. For one thing, patent sales have a direct impact on the national economy. For another, an effective vaccine can ease lockdown regulations, which additionally allows the national economy to recover more quickly.

Biontech and Pfizer emphasize that no data were stolen that would allow conclusions to be drawn about individual test subjects. EMA also announces that the incident has no impact on the further approval process.

Can such attacks be prevented in the future?

Nevertheless, the cyberattack shows how important increased IT security standards are for all organizations in a chain: Biontech and Pfizer’s IT systems are very well secured, experts say. The company emphasizes that it could not detect any suspicious activity on its own systems. This shows that the hackers did not focus on the well-secured private sector systems, but on the less well-secured ones of the EU authority.

Data protection experts have previously complained, particularly for the healthcare sector, that important data is often only secure within the government’s own system. It is not advisable to assume that upstream and downstream systems meet the same security requirements. This has been proven once again by the current incident. The introduction of a uniformly high security standard in public institutions as well would therefore be beneficial.

You can read more about data protection problems in IT in the German healthcare sector here.

In this blog article, we have summarized why the healthcare sector is coming under the scrutiny of hackers, especially in times of a pandemic.

Critical Infrastructure

Critical infrastructure – Critical cybersecurity

Critical infrastructure in Germany is currently particularly at risk when it comes to cybersecurity. According to the Frankfurter Allgemeine Sonntagszeitung, 141 successful cyber attacks were reported until the beginning of November 2020. Of these, 43 were directed at healthcare providers. Last year there were 121 successful attempts in the critical infrastructure report and only 62 in 2018.

In addition to the healthcare sector, energy and water suppliers, banks, and insurance companies are also affected. In most cases, such incidents are so-called ransomware attacks, which result in a ransom demand for the decryption of data.

Experts cite the crisis resulting from the Corona pandemic as one of the reasons for the increased number of cyberattacks on companies in the so-called critical infrastructure. Medical institutions in particular still have an increased need for action in the area of IT and cybersecurity. At least 15 percent of IT investments should be spent on IT and cybersecurity.

In this article, we have summarized why the healthcare system is so at risk and what exactly such an investment could look like: Viruses in hospitals – Cybersecurity in the Corona pandemic

This is because, of course, similar protection scenarios apply to critical facilities as to the healthcare system.

CRITIS as a worthwhile target

The advance of digitalization also opens up potential security gaps for attackers. While it was initially mainly states that were interested in overriding the security mechanisms of “enemy” states, this is now increasingly being observed among private groups as well. Securing the IT systems of CRITIS operators is not an easy task. On the one hand, these are private-sector companies of various sizes. On the other hand, the IT structures used have a long life cycle, which is why they often do not receive the necessary security updates, or do not receive them promptly. Since 2016, all operators of companies that are part of CRITIS have been required to provide a 2-year security proof of their infrastructure. However, considering the frequency with which malicious software is developed, it is strongly recommended that relevant security updates be carried out more frequently and that in-depth preventive measures be initiated to secure your systems.

Protecting the attack target “human” in particular is part of a valid security concept. Technical security measures are often high and strong, but they do not protect against the actions of an (inexperienced) user. This includes successful phishing attacks, especially so-called spear-phishing campaigns, which make targeted use of social engineering techniques. We therefore recommend regular and in-depth employee training, as well as the establishment of strong multi-factor authentication rules, to protect your system from the human factor in the best possible way.

Webinar

Webinar – Cybersecurity for the “human factor” in medium-sized businesses

Surely you have already encountered the terms “social engineering”, “phishing” or “CEO fraud” and have a rough idea of the consequences of such attacks on your company. But how do hackers operate? How severe is the threat of social engineering for German SMEs? And above all: what measures should you take to increase your cybersecurity?

In our webinar, we will give you an overview of the threats so that you can make a realistic risk assessment. The focus of this webinar will be the human factor, without which cyber attacks today can hardly be performed.

We will show you typical manipulative procedures as well as simple and straightforward measures for prevention and protection. After all, it is important to act proactively to prevent a cyberattack: that saves you time, money, and nerves!


Date: 11.12.2020

Time: 11:00 AM

Place: online

Referent: Marc Pantalone, Business Development Manager, HWS Informationssysteme GmbH

Register by writing an email to


The webinar will be in the German language.

We are looking forward to meeting you!

Mimikatz

Mimikatz – a cute name, but a dangerous Offensive Security Tool

The Windows security tool Mimikatz may have a cute name, but it also has great potential for damage. It was originally developed to demonstrate security vulnerabilities in Windows systems, namely a gap in the authentication process. It quickly evolved from a tool for white-hat hackers into one for black-hat hackers. Nevertheless, even today, admins still use the tool to detect and then close security holes in their own systems. Mimikatz is therefore one of the best known Offensive Security Tools (OST) and is freely available as open source.

How does Mimikatz work?

With the help of Mimikatz, it is possible to read passwords, PINs, and Kerberos tickets from Windows systems, which is why it is often used by malware attackers. For this purpose, Mimikatz uses the Windows single sign-on function, which includes the so-called “WDigest” feature. This feature loads encrypted passwords and their keys into memory. Companies and other organizations in particular use this feature to authenticate user groups. Although WDigest is disabled by default in Windows 10, anyone with administrative rights can enable it and thus read out the passwords of the user groups using Mimikatz.

This makes the software a powerful tool for hackers

Root access is required to successfully introduce Mimikatz into a system. Once the software is on the system, there are different ways in which Mimikatz can work:

Pass-the-hash – In earlier versions, Windows saved passwords in a so-called NTLM hash when logging in. Attackers can therefore use Mimikatz to copy this exact hash string and use it on the target computer to log in. The password does not even have to be known for this, since this character string is sufficient for authentication.

Pass-the-Ticket – Newer versions of Windows no longer use an NTLM hash for authentication, but so-called Kerberos tickets. Mimikatz is now able to read this ticket and pass it on to another computer so that you can log in there as this user.

Over-Pass the Hash (Pass-the-Key) – With the help of the key obtained in this way, hackers can pretend to be users who can be accessed via a domain controller.

Kerberos Golden Ticket – A golden ticket gives you domain administration rights for each computer on the network. The insidious part: golden tickets do not expire.

Kerberos Silver Ticket – Kerberos gives a user a TGS ticket that is used to log on to all services on the network. This is possible because Windows does not check TGS tickets at every login.

Pass-the-Cache – In general, this is the same tactic as a pass-the-ticket attack. However, no Windows system is compromised here; instead, the stored and entered login data is used on a Mac, UNIX, or Linux system.

Protecting your system

Ideally, Mimikatz should not be able to get onto your system at all. A prerequisite for an initially secure Windows system is an upgrade to Windows 10 (or at least 8.1). If this is not possible, it is at least advisable to disable WDigest manually, although this should probably only be a small hurdle for a skilled attacker. Regardless of the Windows version used, a configuration of the Local Security Authority (LSA) is necessary.

Unfortunately, an overriding admin password is still common practice in companies today, although this is a well-known security hole. Every Windows machine needs its own unique administrator password. The combination of LSASS and safe mode makes Mimikatz ineffective under the newer Windows versions.
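The two configuration steps above, disabling WDigest and hardening the LSA, can be audited and applied in one place. The following PowerShell script is an added example, not part of the original article; it assumes an elevated session on Windows 8.1/10 or later and uses the standard Microsoft registry locations for both settings.

```powershell
# Added example (not from the original article): audit, and optionally set,
# the two settings the text recommends against Mimikatz-style credential theft.
# Assumptions: run as Administrator; standard Microsoft registry paths.
function Test-CredentialHardening {
    [CmdletBinding()]
    param(
        # Apply the recommended values instead of only reporting them.
        [switch]$Remediate
    )

    $checks = @(
        @{ Name     = 'WDigest plaintext credential caching disabled'
           Path     = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
           Value    = 'UseLogonCredential'
           Expected = 0 },
        @{ Name     = 'LSA runs as a protected process (RunAsPPL)'
           Path     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
           Value    = 'RunAsPPL'
           Expected = 1 }
    )

    foreach ($c in $checks) {
        $current = (Get-ItemProperty -Path $c.Path -Name $c.Value `
                    -ErrorAction SilentlyContinue).($c.Value)
        # Both values are absent by default. Windows 8.1/10 then treat WDigest
        # as disabled, older builds as enabled, so an explicit 0 is the only
        # state that is unambiguous; an absent RunAsPPL means LSA is unprotected.
        $compliant = ($null -ne $current) -and ($current -eq $c.Expected)

        if (-not $compliant -and $Remediate) {
            if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
            Set-ItemProperty -Path $c.Path -Name $c.Value -Value $c.Expected -Type DWord
            $compliant = $true   # RunAsPPL only takes effect after a reboot
        }

        [PSCustomObject]@{
            Check     = $c.Name
            Current   = if ($null -eq $current) { 'not set' } else { $current }
            Expected  = $c.Expected
            Compliant = $compliant
        }
    }
}

# Report only; add -Remediate to write the recommended values.
Test-CredentialHardening | Format-Table -AutoSize
```

Run it in audit mode first and feed the output into your change process; RunAsPPL in particular requires a reboot and can break third-party components that inject into LSASS.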

You should also educate your employees about the dangers of phishing emails and limit the use of macros.

Detecting Mimikatz

Detecting Mimikatz is a difficult task, since most detection solutions do not reliably flag the software. The only real solution to reliably identify Mimikatz is to specifically examine your own system for it. The use of a manual network monitoring component is therefore highly recommended.

So what to do?

In the end, Mimikatz remains a highly dangerous and efficient tool for hackers that can easily slip past automated security checks. It is therefore up to people to remain vigilant. Simple security measures such as unique admin passwords for each machine, admin and remote access granted only where necessary, and multi-factor authentication, which does not depend on the logic of Windows systems, together form a strong hurdle.