The BKA recently published frightening figures: There were over 108,000 cases of cybercrime. There is an increase of 7.9 percent compared to the previous year, whereby only every third case can be resolved. But the number of cyberattacks is not only increasing in Germany; More and more companies, authorities, and public institutions are being affected worldwide. The perpetrators use new methods to gain access, which is why we should also think about alternatives. One of them could be the increased use of open-source.
After work, a quick hike to the supermarket, run the last errands, and start the evening. For many of us, it’s normal life. But how quickly this everyday life can be disrupted was shown in July 2021 in Sweden. Several people suddenly found themselves in front of closed doors when a nationwide supermarket chain had to close almost all branches in the country. The cause was thousands of kilometers away: A desktop management tool from a US company used around the world was attacked and paralyzed by the REvil hacker group. More than a million computers were affected, according to the gang, and asked for more than $ 70 million to be released. Fortunately, the American company did not respond to the request and instead hired a security company.
There was a similar case just a month earlier. There is a Brazilian meat company with branches around the world. Production in the USA and Canada was severely impaired, and in Australia at times even completely paralyzed. Here the perpetrators demanded around eleven million dollars in bitcoins, which the company got involved in. The global corporation later wrote that it had been a difficult decision, but above all, that possible risks for customers should be eliminated. A complicated matter: give in to the hackers and possibly encourage further acts of this kind? Or risk the supply or health of people? After all, there are enough examples in which human life was endangered.
There was a relatively lucky case in February 2021, when a drinking water system in Florida was affected. Hackers had gained access to the plant’s systems and increased the amount of sodium hydroxide to a dangerous level. This agent is usually used to remove metals from the water and control the acidity, but it can be harmful to health in excessive amounts. In this example, those responsible were able to intervene in good time before someone was harmed. However, this is not always the case.
The police later determined that the attack was probably against Heinrich Heine University. Nevertheless, the investigators found a so-called loader in the system of the university clinic, with which the malware DoppelPaymer was smuggled – which led to the failure of the IT and server. On the night of September 11th to 12th, a woman in mortal danger was admitted to the hospital. However, those responsible on-site had to turn away the ambulance because treatment was impossible without functioning systems. After a 30-minute detour to the hospital in Wuppertal, the woman unfortunately died shortly after arrival.
Hacker attacks with a fatal outcome have been the exception, but they show what a dangerous course such an incident can take. Not quite as tragic, but very annoying was the first cyber disaster that the Anhalt-Bitterfeld district announced in July 2021. Since the administration no longer had access to the computers, the roughly 160,000 residents initially had to get by without social benefits, vehicle registrations, or application permits. To solve the problem as quickly as possible, those responsible finally decided in favor of the disaster. In this way, other authorities could be involved rapidly and without long official channels.
Hackers also like to get involved in politics. During the last US election campaigns, the Strontium hacker group published emails from the Democrats to promote targeted disinformation campaigns – experts say “Hack & Leak.” In this country, too, fear of it grew due to the general election in September. And in fact, Federal Returning Officer Georg Thiel caught it twice shortly before the election – but without any significant consequences.
All of these examples have taken place in the past few months alone. They are only an excerpt from the excerpt that is being made public. Hackers affect us all in some way. And their approach is becoming more and more unscrupulous.
Refined And Bold
Many people are already aware of this, but it cannot be said often enough to avoid suspicious emails and files. Phishing emails may be a hacker’s scrap, yet they often lead to success for the perpetrators. One wrong click can ultimately be enough to trigger a far-reaching chain reaction. To gain access to valuable data or paralyze the vital systems for companies, cybercriminals are always coming up with new ways.
As an extension of the classic phishing emails, there were more social engineering attacks during the corona pandemic. The hackers take advantage of socially relevant topics – in this case, emails informing about alleged corona measures. And then it goes one step further: The victims are lured to mock HTTPS pages, where they can enter their data without worrying. Transport encryption should ensure a secure transmission, but that doesn’t help much if the criminals make a website look deceptively similar.
Hackers also like to use so-called distributed denial-of-service attacks (DDoS), for example, to overload a company’s systems with countless inquiries. Such an incident is just annoying for those affected because all functions fail temporarily but work again after a while without much effort. For the perpetrators, however, such an approach offers valuable knowledge: They get an insight into the countermeasures of a company, can circumvent them later, and strike in a targeted manner.
And now?
Hackers will constantly adapt flexibly to the latest firewalls and antivirus programs. Sometimes they even see it as a challenge to find new gaps and weak points in the software. To minimize this risk, experts have long recommended the increased use of open source technology.
What is that? The source code is the basis of every software – it contains the various commands and functions of the program. In the digital stone age, code was still the secret treasure of different companies and developers. Since the 1980s, however, the source code has increasingly been made freely accessible to all users, primarily through Linux and the GNU project. You can view, use and edit it. Each user can track the various steps in development, discover errors and make improvements. This ensures transparency and the exchange of knowledge and also brings other advantages.
Weak points in a code can be discovered and remedied more quickly through the collaboration of entire communities. With the support of the companies behind such programs, there is usually not much time between discovery and correction. In the case of the Düsseldorf University Clinic, that might even have saved a life. In a press release, the hospital announced: “The security gap was in an additional commercial software that is customary on the market and distributed around the world. Until the software company finally closed this gap, there was a sufficient window of time to penetrate the systems. “
Disclosing a source code sounds paradoxical at first – as if all doors were opened for hackers. The opposite is the case here: the option of auditing enables independent experts to close security gaps before they are exploited. The cyber gangs can be denied access before they can do anything. With proprietary software, this would not be possible in such a short time. Of course, hacker attacks cannot be eradicated forever in this way, but in combination with classic security programs, open-source would be an essential step towards more security.
That is why those responsible for the GAIA-X program decided to promote open source. This joint European project is intended to ensure a competitive and secure data infrastructure in Europe in the future. When it came to the recent tender for the cooperation platform, those involved set a vital signal: It was not the industry giants from the USA that won the bid, but a German company that relies on open source. And so, we should continue on the digital path – confidently and securely with open source.
Also Read: Protect Your Data From Ransomware Attacks