Russia’s war of aggression on Ukraine has already lasted three weeks, and for the first time this war is taking place both territorially and throughout cyberspace. In the meantime, German companies are also feeling the conflict first-hand in the form of cyber threats. We have compiled the most relevant events and news for you at a glance.

Increased incidence of phishing emails related to the Russia-Ukraine conflict

In recent weeks, there has been an increase in phishing attempts related to the current conflict.

For example, phishing emails that look deceptively real are sent in the name of banks. The authors pretend to want to verify whether all of the bank’s customers comply with the EU’s sanctions against Russia. In this context, the personal data is requested to be confirmed by a specified date. Otherwise, the account will be threatened with closure. The email contains a link that supposedly leads to the bank’s website. Behind it, however, is a fake website for tapping customer data. The result can be an empty bank account, the installation of ransomware on company computers or the publication of sensitive data on the darknet. We advise: Do not click on the links in such e-mails. It is better to approach it with a healthy caution and contact your bank. They can tell you whether such an email has actually been sent – banks often send this type of information in paper form – and if in doubt, they are grateful for this kind of hint.

There are also warnings about fake websites that call for fundraising campaigns to support the Ukrainian population or refugees. According to the German Federal Office for Information Security (BSI), potential victims are asked to transfer money that is supposed to help people flee embattled cities and areas in Ukraine. However, the money does not reach where it is needed. Again, avoid clicking on the link in the email. If you still want to help with a donation, do so directly via the website of a corresponding aid organization.

Cyberattacks on German companies have increased

German companies have become more the focus of cyberattacks in recent days. A direct example in the current conflict is the attack on the German branch of Russia’s largest oil producer Rosneft. According to the hacker collective Anonymous, for example, in the course of a large-scale, politically motivated cyberattack on the German branch of the state-owned oil giant, the hacker collective Anonymous was able to capture 20 terabytes of data – including backups of the laptops of the company’s executives – and delete the data of 59 business mobile phones. The BKA is already investigating, and the BSI has also intervened and issued a warning to other companies in the oil industry. Anonymous emphasizes that neither critical infrastructures were endangered nor control functions were affected in the attack.

The German branch of the Japanese automotive supplier Denso was also the victim of a cyberattack last week. According to the company’s own information, the infected computers were cut off from the company network, and production was not affected. According to media reports, the criminal hacker group Pandora is responsible for the attack and is said to have already threatened to publish the company’s trade secrets: among the 1.4 terabytes of data are technical drawings of Desno. A connection to the war of aggression in Ukraine has not been confirmed, but cannot be ruled out either.

Germany’s digital companies also expect an intensified threat situation. According to a survey by the digital association Bitkom , one in three digital companies has already ramped up its security measures at short notice. In addition, one in three of the 100 companies surveyed has set up its crisis team for emergencies or created corresponding responsibilities.

BSI warns against the use of Russian virus software

On March 15, the German Federal Office for Security and Information Technology (BSI) published a warning regarding the use of antivirus software from the Russian manufacturer Kaspersky – with the recommendation to replace the applications with alternative products. The reason: The antivirus software has extensive system permissions and must therefore maintain a permanent, encrypted and unauditable connection to the manufacturer’s servers. Accordingly, trust in the manufacturer and his authentic ability to act are essential so that such systems can be used safely. If this is not the case, the use of the programs could involve considerable risks for the company’s own IT infrastructure. A Russian IT manufacturer could be forced to carry out offensive actions, become active itself or its knowledge could be misused as a tool for attacks on IT infrastructures. This could affect all users of the programs. If, for example, IT security products were to be shut down without warning, this would mean defenceless delivery against cyber attacks. However, there is no immediate risk at the moment, as Kaspersky’s servers are located in Switzerland. If you need advice on this topic, you are welcome to contact us by phone at 030/95 999 80 80 or by e-mail at info@perseus.de. We will provide you with further information on this topic in a timely manner.

Perseus Expert Opinion

Monika Bubela, Ciso at Perseus Technologies, recommends that companies be extremely vigilant: “For the first time in history, a war is taking place in the immediate vicinity as well as in cyberspace. At the moment, the main focus of cyberattacks is primarily on war-related actions, but the situation can change at any time – and so can the focus of the targets. Therefore, I advise all companies to exercise extreme caution. Sensitize your employees to possible phishing attacks based on social engineering. Make sure your system is protected from DDOS attacks and handle information critically. The important thing is that you can assess the risk of your company and take appropriate measures – not only in the current situation, but also in the long term.”

Even though no threat to information security is currently seen in Germany, these examples show that the impacts are approaching and that the current situation is above all opaque. Stay vigilant and take appropriate protective measures. You can read Monika Bubela’s complete expert assessment here .