2021 has been a turbulent year – also when it comes to cybersecurity. What can we learn from the year’s events for 2022? We’ll tell you in this blog article.
1. Emotet is unfortunately not yet defeated.
In early 2021, the good news was that the infrastructure of the Emotet Trojan, which spreads through Office documents with macros, had been taken down in a coordinated law-enforcement action. By that time, the malware widely described as the world’s most dangerous had already caused damage running into the millions; worldwide, the losses attributed to Emotet are estimated at as much as 2.1 billion euros. Emotet’s distinctive feature was deceptively genuine-looking emails, most of which carried the malicious software in an attachment. Once installed, Emotet could download further malware onto the infected computer. However, the takedown was not final. Since the end of 2021, Emotet activity has been observed again, including the sending of fake emails. As before, Emotet sometimes replies into genuine earlier email threads and quotes the previous messages, so that the fake mail appears to come from a known contact.
You again need to be extremely vigilant with every email that contains Office documents with active content (macros), password-protected ZIP archives (which many mail filters cannot inspect and therefore let through unscanned), or links.
Learning: Careful handling of emails, their contents and their attachments remains extremely important. Because Emotet reuses real email threads, its forged emails are particularly hard to spot, so the utmost attention is required.
Additional tips: In this Emotet threat alert, you can learn more about the malware and what to look out for. Since Emotet is typically spread via Office documents with macros, here you can find important tips on how to handle such documents cautiously.
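The three indicators named above can be checked mechanically on an inbound mail before anyone opens it. The following Python script is an added example (not code from the original article or from Perseus): it walks a raw RFC 822 message and flags macro-enabled Office documents (by looking for the vbaProject.bin part inside OOXML files, or the OLE2 signature of legacy .doc/.xls files), password-protected ZIP archives (by the encryption bit in the ZIP headers), and links in the body. The sample message is constructed inline; the stdlib cannot write encrypted ZIPs, so the sample patches the encryption flag into an ordinary archive by hand.

```python
import email
import io
import os
import re
import zipfile
from email import policy
from email.message import EmailMessage

# File types that carry VBA macros; legacy OLE2 formats hide macros in binary streams
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}
OOXML_EXTENSIONS = MACRO_EXTENSIONS | {".docx", ".dotx", ".xlsx", ".xltx", ".pptx", ".potx"}
LEGACY_OFFICE_EXTENSIONS = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".pot"}
VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def zip_is_password_protected(data: bytes) -> bool:
    """True if any entry has the encryption bit (bit 0 of the general purpose flags) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def office_has_macros(name: str, data: bytes) -> bool:
    """Active-content check: an OOXML file is flagged only if it actually contains a
    vbaProject.bin part (so a .docx without macros is not flagged); a legacy OLE2
    document is flagged as a whole, because its macro streams are not parsed here."""
    ext = os.path.splitext(name)[1].lower()
    if ext in LEGACY_OFFICE_EXTENSIONS:
        return data.startswith(OLE_MAGIC)
    if ext in OOXML_EXTENSIONS:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(part in zf.namelist() for part in VBA_PARTS)
        except zipfile.BadZipFile:
            return False
    return False


def triage_message(raw: bytes) -> list[str]:
    """Walk one raw RFC 822 message and return the Emotet-style indicators found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            payload = part.get_payload(decode=True) or b""
            if office_has_macros(filename, payload):
                findings.append(f"macro-enabled Office document: {filename}")
            if filename.lower().endswith(".zip") and zip_is_password_protected(payload):
                findings.append(f"password-protected ZIP archive: {filename}")
        elif part.get_content_type() == "text/plain":
            findings.extend(f"link in body: {u}" for u in URL_RE.findall(part.get_content()))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample (not a real Emotet mail): a reply into an existing thread
    carrying a macro-enabled .docm, a password-protected ZIP and a link."""
    docm = io.BytesIO()
    with zipfile.ZipFile(docm, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"fake VBA project for the example")
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("Invoice.exe", b"MZ")
    zipped = bytearray(archive.getvalue())
    # The stdlib cannot write encrypted ZIPs, so set the encryption flag (bit 0) by hand in the
    # local header (offset 6 after PK\x03\x04) and the central directory entry (offset 8 after PK\x01\x02).
    zipped[zipped.find(b"PK\x03\x04") + 6] |= 0x1
    zipped[zipped.find(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "RE: RE: Invoice November"
    msg.set_content("Hi,\n\nas discussed, see attached. Password: 1234\nhttp://example.com/doc\n")
    msg.add_attachment(docm.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="Invoice.docm")
    msg.add_attachment(bytes(zipped), maintype="application", subtype="zip", filename="Invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_message(build_sample_message()):
        print(finding)
```

Run against the constructed message, the script reports all three indicators. Note what it deliberately does not do: it does not open the password-protected archive (it has no password) and it does not parse the VBA inside legacy OLE2 files, which is why those are flagged wholesale; a mail gateway that wants to look inside would need a dedicated OLE parser.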
2. Even the smallest company can attract cybercriminals.
In 2021, several security vulnerabilities were disclosed that affected companies of all sizes worldwide. Critical vulnerabilities in the widely used Microsoft Exchange Server were among them. In addition, security vulnerabilities were discovered in the Java logging library Log4j, a component of a great many programs and therefore present almost everywhere. Cybercriminals can exploit such vulnerabilities with very little effort: they scan the Internet for affected servers and computers and then, for example, steal data, install ransomware, or carry out cryptojacking.
Even the smallest companies are attractive to cybercriminals for this sort of attack. After all, they too hold data that can be exploited criminally. They, too, depend on functioning IT, so ransoms can potentially be extorted from them. And they also have computing resources that can be misused to mine cryptocurrencies.
Generally speaking, the easier an attack is to carry out, the more at risk small companies are, even where there is supposedly “nothing to get”. Many successful small attacks add up to considerable profits for cybercriminals, and an attacker who scans the whole Internet does not care how big the target is.
Learning: Make sure that your entire system is always up to date, no matter how small your company is. Install all patches and updates immediately. Since many different programs bundle their own copy of Log4j, a single update does not cover it: every affected application needs its own update, and an inventory of where Log4j is present is the first step. If you run Microsoft Exchange servers, check them separately, as they require their own security updates in addition to the regular Windows updates.
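The inventory step is where most small companies got stuck with Log4j, because the library is usually not installed as such but bundled inside application JARs, WARs and EARs. The following Python script is an added example (not code from the original article or from Perseus) of such an inventory: it walks a directory tree, opens every archive, reads its manifest, recurses into nested archives, and reports each copy of log4j-core together with whether it is below a minimum version. The minimum version 2.17.1 is an assumption for this example (the release Apache recommended for Java 8 at the end of 2021); set it from the current vendor advisory. The sample tree with its placeholder JARs is constructed inline in a temporary directory.

```python
import io
import os
import re
import tempfile
import zipfile

# Minimum acceptable log4j-core version. Assumption for this example: 2.17.1, the release Apache
# recommended for Java 8 at the end of 2021; set it from the current vendor advisory.
MIN_LOG4J_CORE = (2, 17, 1)
ARCHIVE_EXTENSIONS = (".jar", ".war", ".ear", ".zip")

def parse_version(text: str) -> tuple[int, ...]:
    """'2.14.1' -> (2, 14, 1); qualifiers such as '-rc1' are ignored for the comparison."""
    return tuple(int(x) for x in re.findall(r"\d+", text)[:3])

def manifest_fields(zf: zipfile.ZipFile) -> dict[str, str]:
    """Parse META-INF/MANIFEST.MF; continuation lines begin with a single space."""
    try:
        raw = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return {}
    fields, last = {}, None
    for line in raw.splitlines():
        if line.startswith(" ") and last:
            fields[last] += line[1:]
        elif ":" in line:
            key, _, value = line.partition(":")
            last = key.strip()
            fields[last] = value.strip()
    return fields

def scan_archive(data: bytes, path: str, findings: list) -> None:
    """Inspect one archive and recurse into nested ones (fat JARs, WEB-INF/lib), where forgotten copies hide."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        fields = manifest_fields(zf)
        names = zf.namelist()
        # Two independent signals, because repackaged JARs often lack a proper manifest
        is_core = fields.get("Implementation-Title") == "Apache Log4j Core" or any(
            n.startswith("org/apache/logging/log4j/core/") for n in names)
        if is_core:
            version = parse_version(fields.get("Implementation-Version", "0"))
            findings.append({"path": path, "version": version, "outdated": version < MIN_LOG4J_CORE})
        for name in names:
            if name.lower().endswith(ARCHIVE_EXTENSIONS):
                scan_archive(zf.read(name), f"{path}!/{name}", findings)

def scan_tree(root: str) -> list:
    """Walk a directory tree and collect every log4j-core copy found, nested or not."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower().endswith(ARCHIVE_EXTENSIONS):
                full = os.path.join(dirpath, fn)
                with open(full, "rb") as fh:
                    scan_archive(fh.read(), full, findings)
    return findings

def build_sample_tree(root: str) -> None:
    """Constructed sample: an old log4j-core inside a WAR, a current one on its own, an unrelated library."""
    def jar(title: str, version: str, classes: list) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF",
                        f"Manifest-Version: 1.0\r\nImplementation-Title: {title}\r\n"
                        f"Implementation-Version: {version}\r\n")
            for cls in classes:
                zf.writestr(cls, b"\xca\xfe\xba\xbe")  # placeholder, not a real class file
        return buf.getvalue()

    core_class = ["org/apache/logging/log4j/core/Logger.class"]
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", jar("Apache Log4j Core", "2.14.1", core_class))
    os.makedirs(os.path.join(root, "webapps"))
    with open(os.path.join(root, "webapps", "shop.war"), "wb") as fh:
        fh.write(war.getvalue())
    with open(os.path.join(root, "log4j-core-2.17.1.jar"), "wb") as fh:
        fh.write(jar("Apache Log4j Core", "2.17.1", core_class))
    with open(os.path.join(root, "other.jar"), "wb") as fh:
        fh.write(jar("Some Library", "1.0", ["com/example/Foo.class"]))

def run_demo() -> list:
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)

if __name__ == "__main__":
    for f in run_demo():
        print(f"{'.'.join(map(str, f['version']))}  {'UPDATE REQUIRED' if f['outdated'] else 'ok'}  {f['path']}")
```

On the sample tree the stand-alone 2.17.1 copy is reported as fine, while the 2.14.1 copy buried in `shop.war!/WEB-INF/lib/` is reported as needing an update; that nested path is exactly the kind of copy a package manager’s update of the “main” Log4j does not touch, which is why every affected application has to be updated on its own.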
Additional tip: Our blog post “Hacked – now what?” will help you minimize the damage when your system is attacked.
3. After a ransomware ransom payment, data is rarely recovered in full.
A large international survey showed what had previously been anecdotal experience at Perseus: ransom payments are unfortunately no guarantee that extorted companies will get all their data back. On the contrary, this was the case for only 8% of those who paid. Why? Among other things, because for some ransomware there is no working decryptor at all, and for others decryption fails or remains incomplete due to bugs in the criminals’ software.
In our opinion, all companies need to be aware of this fact, especially given the often exorbitantly high ransom demands. In 2021, for example, a ransom of $240 million was demanded after the cyberattack on MediaMarktSaturn, which was reportedly negotiated down to $50 million. Whether MediaMarktSaturn paid is unknown. But even a week after the attack, stores were still not operating normally.
Learning: Rely on up-to-date backups to restore your data in full even after a ransomware attack. Always keep at least one backup offline or otherwise physically separate from your system, so that it cannot be encrypted along with everything else. Test restoring from it regularly; a backup that has never been restored is not yet a proven backup.
Additional tip: Always create multiple backups following the 3-2-1 strategy: three copies of your data, on two different types of media, with one copy kept off-site.
4. Even highly secured clouds are not infallible.
Reputable cloud services offer very high security standards. That failures can occur here nonetheless, despite all the care and expertise, was demonstrated at the DATEV data center at the beginning of November. On two consecutive days, there were server outages and errors in document processing. The cause was not, as many initially suspected, an attack, but two software errors that coincided in an unfortunate way. The effects also made it difficult to communicate the disruption widely.
Learning: Nothing is 100% error-proof, not even services that are justifiably held in high regard. So even if you have high expectations of a service, consider in advance how you would best cope with a short-term outage.
Additional tip: Reduce potential cyber incidents by being security-conscious with your cloud.
5. Smartphones are also interesting for cybercriminals.
Smartphones are harder targets for cybercriminals for technical reasons: apps run isolated from one another, and on a device in its default state they can only be installed through the official app store or after the user deliberately allows it. In 2021, however, a particularly large number of users encountered compromise attempts in the form of text messages. The messages often purported to come from a parcel delivery service and asked the recipient to download an app, supposedly to track a shipment. In reality, this app was malware, including banking Trojans such as TeaBot. Via such malicious apps, cybercriminals can, among other things, live-stream the smartphone’s screen, record input, and send text messages, for example during online banking. Cybercriminals cannot, however, install these apps on a smartphone remotely by themselves. They therefore try to get users to do it for them, for example via SMS.
Learning: If at all possible, only install apps from official sources, i.e. the official app stores or the provider’s own website. Ignore links in SMS messages and always take the detour via the app store or the provider, even if the message looks legitimate.
Additional tip: You can find detailed information on the strategies of cybercriminals and how to protect yourself against them in our blog post on smishing.