As the strikes get closer: the impact of the conflict in Ukraine on the cybersecurity of German companies


The war between Russia and Ukraine has already lasted three weeks. For the first time in history, a war is taking place both on the ground and in cyberspace. German companies are beginning to experience the conflict firsthand in the form of cyber threats. We have compiled the most relevant events for you at a glance.

Increased occurrence of phishing emails with reference to the Russia-Ukraine conflict 

In recent weeks, more phishing attempts connected to the current conflict have been reported. For example, deceptively genuine-looking phishing emails are being sent in the name of banks, such as the German Sparkasse. The authors claim to be verifying that customers are complying with the EU sanctions against Russia. In the process, they ask recipients to confirm personal data by a specified date; otherwise, they claim, the account will be closed. The email contains a link that supposedly leads to the bank’s website. Behind it, however, is a fake website that collects and stores customer data. The result can be an emptied bank account, the installation of ransomware on company computers or the publication of sensitive data on the Darknet. We advise: Do not click on the links in such emails under any circumstances. Instead, treat them with healthy caution and contact your bank. It will be able to tell you whether such an email has actually been sent. Keep in mind: Banks often send this kind of information in paper form, and your bank might be grateful to hear about such emails.

Further warnings have been issued about fake websites calling for donations to support the Ukrainian population or refugees. According to the German Federal Office for Information Security (BSI), potential victims are asked to transfer donations. However, the money does not arrive where it is needed. Again, avoid clicking on the link in the email. If you still want to help with a donation, do so directly via the website of a relevant aid organization.

Cyberattacks on German companies have increased

German companies have also become a target for cyberattacks in recent days. A direct example in the light of current events is the German subsidiary of the largest Russian oil producer Rosneft. According to their statement, the hacker collective Anonymous was able to capture 20 terabytes of data – including backups of the laptops of company executives – and delete data from 59 business cell phones in the course of a large-scale, politically motivated cyberattack on the German branch of the state-owned oil giant. The Federal Criminal Police Office is already investigating, and the BSI has also gotten involved and issued a warning to other companies in the oil industry. Anonymous stresses that the attack did not put critical infrastructure at risk, nor did it affect control functions.

The German branch of Japanese automotive supplier Denso was also the victim of a cyberattack last week. According to the company’s own statements, the infected computers were cut off from the corporate network; production, however, was not affected. Media reports state that the criminal hacker group Pandora is responsible for the attack and is said to have already threatened to publish the company’s trade secrets: among the 1.4 terabytes of data were technical drawings from Denso. A connection to the war of aggression in Ukraine has not been confirmed, but cannot be ruled out either.

Germany’s digital companies also expect the threat situation to intensify. According to a survey by the digital association Bitkom, one in three digital companies has already ramped up its security measures in the short term. In addition, one in three of the 100 companies surveyed has set up its crisis team for emergencies or created corresponding responsibilities.

BSI warns against use of Russian antivirus software

On March 15, the German Federal Office for Information Security (BSI) published a warning regarding the use of antivirus software from Russian manufacturer Kaspersky – with the recommendation to replace the applications with alternative products. The reason behind it: Antivirus software has far-reaching system permissions and, by its nature, must maintain a permanent, encrypted and unauditable connection to the manufacturer’s servers. Accordingly, trust in the manufacturer as well as in its authentic ability to act is essential for such systems to be used securely. If this trust is not given, the use of the programs could pose considerable risks to the company’s own IT infrastructure. The Russian IT manufacturer could be forced to carry out offensive actions or become active itself, or its knowledge could be misused as a tool for attacks on IT infrastructures. This could affect all users of the programs. For example, IT security products could be shut down without warning, leaving no technical defense against cyberattacks. However, there is no immediate risk at the moment, as Kaspersky’s servers are located in Switzerland. If you need advice on this topic, please feel free to contact us by phone at 030/95 999 80 80 or by email at info@perseus.de. We will provide you with further information on this topic in a timely manner.

Perseus expert opinion

Monika Bubela, CISO at Perseus Technologies, recommends that companies exercise maximum vigilance: “For the first time in history, a war is taking place not only on the ground, but in cyberspace as well. At the moment, cyber attacks are focused primarily on war-related activities. But this situation could change at any moment, and with it, the targets of these attacks. I would therefore advise all businesses to exercise extreme caution. Raise your employees’ awareness of potential phishing attacks that use social engineering tactics. Ensure that your system is protected against DDoS attacks and be discerning when it comes to handling information. Being able to assess the risk to your business and take the appropriate action is essential. Not only given the current situation, but in the long term as well.”

Even though there is currently no threat to information security in Germany, the examples show that the strikes are getting closer and that the situation is, above all, opaque. Remain vigilant and take appropriate protective measures. You can read Monika Bubela’s complete expert assessment here.