IT systems in critical infrastructure sectors (Kritis) are by no means immune to cyber attacks. This is what the federal government wrote in a now published response to a request from the FDP parliamentary group. In the health sector with a focus on hospitals, the number of hacker attacks rose from eleven a year 2018 to 16 in 2019 to 43 in the current year. That is an increase of over 50 percent since January alone.
Missing data At the same time, the number of such attacks in the energy sector increased from four to ten 26 in the past three years. The number of IT attacks on the state and administration is significantly higher 70. The increase is at least lower here: 2019 the authorities recorded 63 Critical incidents.
The figures for other Kritis sectors are comparatively low: In finance and insurance, according to the template 2019 six attacks and eleven so far this year. In the transport and traffic sector, the number even fell from ten to eight. Overall, there is talk of 171 IT attacks on Kritis institutions, while in the previous year 121.
According to its own information, the lead Federal Ministry of the Interior has no information on hacker attacks on blue-light authorities such as the police and fire brigade. It cannot provide reliable figures on the number of ransomware attacks with encryption Trojans like Emotet since 2015, as well as statistics on investigative and main proceedings initiated. In the area of cybercrime in general, as well as for attacks on Kritis in particular, “a high number of unreported cases must be assumed”.
Old devices, few updates The government uses the term hacker attacks to include the exploitation of vulnerabilities, hacking and manipulation, malicious programs (malware), “targeted, multi-stage combined attacks” (APT) and the blocking of services. At the same time, she points out that only Kritis operators are required to report to the Federal Office for Information Security (BSI) if faults are detected.
The group of those affected is to be expanded with the IT Security Act 2.0 will. In clinics, the interior department primarily identifies the vulnerability of IT systems due to the use of medical devices with partly outdated and no longer updatable operating systems as a problem. In addition, hospitals are operated as open facilities with comparatively little physical security. The network connection by external service providers as well as the involvement of research and teaching in the area of university hospitals also posed risks, since these ultimately “result in a parameter that is not completely closed”.
Production facilities are generally often industrial Control systems are characterized by long terms and investment cycles, it continues. Security updates are often no longer sufficiently available. In addition, there is the dependency on individual manufacturers and the IT security functionalities of their products in various areas.
Bought-up attacks In September, a cyber attack on the Düsseldorf university clinic made headlines. The perpetrators are said to have smuggled the DoppelPaymer malware into their IT system, 30 server and left a ransom note with a ransom note. Actually, however, they probably wanted to meet the Heinrich Heine University on site and gave out the keys for the data unlocking. Nevertheless, operations had to be canceled, a life-threatening patient admitted to another hospital, where she died shortly afterwards.
The time required to go from emergency to normal operation in such a case, depends, according to the information, on the “depth of the compromise, the complexity of the existing network infrastructure”, the amount of data available and the available human resources. Often one goal is to introduce more effective protective measures or new software versions at the same time, which prolongs the procedure. Basically, the process often takes “several weeks”.
The “localization of cyber perpetrators” is “difficult due to the Internet’s scope of action,” states the government. Even who is behind it is usually not easy to identify. In the field of phenomena there is “a high division of labor between those involved and a specialization of individuals”. Cyber criminals often acted in an order and service-oriented manner. This enables even less IT-savvy criminals to “carry out more technically complex crimes”.
(kbe)
