During the coronavirus crisis, criminal hackers have increasingly attacked companies in order to extort ransoms. This is the conclusion of a research report published on Monday by the Criminological Research Institute of Lower Saxony (KFN). Working from home and the use of private hardware and software were frequently identified as weak points.

Employees working from home receive emails infected with malware, for example. They also often receive messages from supposedly reputable senders with which fraudsters want to obtain passwords, for example. Companies with a strained economic situation are particularly at risk, as they are less likely to take additional IT security measures.

Targeted search for victims

"This is a highly professional business based on the division of labor: attackers rent a Trojan and send phishing emails to thousands of potential victims," explains expert Rüdiger Trost from the security company F-Secure. "If a computer is infected, it serves as a bridgehead into the company network. The attackers continue to move around the network, identifying and infecting other computers. And they try to find out which company they broke into in order to determine the ransom amount."

This scam is also reflected in the KPN statistics: the authors of the report surveyed a total of 5,000 companies with more than ten employees in 2018/19. More than 600 companies took part in a follow-up survey between July and September 2020. 60% of them reported that they had had to respond to at least one cyberattack within a year. This does not include attacks that were automatically blocked by a firewall, for example. In 85% of cases, the cyber criminals were stopped at an early stage of the attempt.

Companies shy away from effort

The figures confirm the fears of the German Federal Office for Information Security (BSI). The malware Emotet was the main contributor to the high level of damage in Germany. Emotet was even crowned the "king of malware" by the BSI. However, in January, after more than two years of investigation, investigators managed to strike a blow against the Emotet criminals. The infrastructure of the malware was also "taken over and disabled". However, this did not mean that the blackmail programs disappeared from the world. Cyber attackers are constantly finding new ways to attack companies and organizations in particular.

The criminologists in Hanover have at least observed a trend that most companies with ten or more employees are taking basic measures to protect themselves against cyber attacks. These include firewall protection, regular backups, up-to-date anti-virus software and regular security updates. However, organizational measures such as IT and information security guidelines, security training or certifications are less common. Companies also often shy away from regular vulnerability analyses and simulations of the failure of important IT systems.

Corona: working from home creates many vulnerabilities

According to the study, the situation for IT security in companies changed abruptly at the start of the coronavirus crisis in the first quarter of 2020: opportunities to work from home were spontaneously created, with over two thirds of companies (68.0%) offering this to their employees. As a result, the proportion of companies allowing the use of private software and hardware for business purposes rose to just under a third (30.8%).

The fact that this course was associated with security risks also dawned on some managers: Around a fifth (20.1%) took additional measures to increase cyber security. These include, in particular, setting up and securing access options in a protected data tunnel (VPN). Many companies also procured additional software and hardware so that employees working from home do not have to work with private equipment that is less secure against external attacks.

However, the researchers in Hanover fear that the gradual return of employees to the company offices will not put an end to the increased risk. At least that is the view of many of the managers who were surveyed: Over half of the companies rated the risk of a damaging, untargeted cyberattack in the next twelve months as "very high" or "fairly high".