Deutsche Version English Version

Cyber security


Mr. Jung, DDoS attacks are among the oldest forms of cybercrime. How dangerous is this form of attack at the present time?

Criminals have been using Distributed Denial of Service (DDoS) attacks to close down systems for more than 15 years. But whereas earlier attacks mainly targeted gaming servers or e-commerce websites, nowadays they are aimed at all sectors of business and industry and every size of company or organization. And the number of attacks is growing alarmingly. Every day, the Link11 Security Operation Center (LSOC) registers over 100 attacks of this kind on targets in Germany, Austria and Switzerland. When tracking these attacks, LSOC is increasingly measuring peak bandwidths well in excess of 50-60 Gbps, with some higher than 100 Gbps.

What's more, the attackers are extremely resourceful in creating new infrastructures for the launching of DDoS attacks. They have access to an ICT infrastructure with increasing bandwidth and a growing number of internet-capable devices such as home routers, smartphones and cloud servers rented with false credit card information. In our view, DDoS attacks are becoming even more dangerous.

2. What damage can successful DDoS attacks cause?

Every day companies, websites and public institutions have problems with the availability and performance of their infrastructures as a result of DDoS attacks. The downtimes for these systems, which have little or only inadequate protection, can amount to several days. During the past few months there have been successful attacks in Germany on the iPad POS system orderbird, hosting providers Strato and Uberspace, remote PC support specialist Teamviewer, and the websites of the major German cinema chains.

The case of Swiss company Digitec has demonstrated clearly that the consequences of DDoS attacks can extend far beyond the website. The prolonged and recurring attacks against the online home electronics retailer in mid-March 2016 shut down both the online shop and the enterprise resource planning (ERP) system, with the result that the sales outlets and the call center which deals with customer service were also put out of action. Despite incidents such as this, all too few companies are taking precautions to protect themselves.

3. How can companies protect themselves against these attacks?

There are many different types of DDoS attacks. A simple attack can be warded off completely with little difficulty. On the other hand, there are new forms of attack on companies' network infrastructures. According to our analyses, these are increasingly complex attacks which exploit security gaps using special malware. Other attackers try to gain access by way of a very large bandwidth (more than 100 Gbps). Practical experience has shown that most firms are unable to counter the growing DDoS threat effectively with their current IT security systems. To solve this problem and keep pace with the attackers, a high level of financial and human resources is required, backed up by daily training.

The most reliable means of safeguarding companies against DDoS attacks is therefore to redirect data traffic via an external security provider. This type of professional DDoS protection has a highly developed filter center with specialists working 24/7 and with all the necessary resources to filter out unwanted data flows.


1. Mr. Wolf, what is meant by CEO fraud and how successful are the perpetrators?

The term "CEO fraud" denotes a procedure used by cyber criminals whereby the fraudster claims to be the boss of a company which he is in fact planning to defraud. By means of an (apparently) internal email, the fake executive confides a strictly confidential matter to a member of staff in "his" company. In order to gain the victim's confidence, a third person is introduced whose function is to monitor the contractual part. One of the two fraudsters then tells the staff member to instruct the bank to make a payment. The supposed reasons for this scenario can vary: a planned company takeover, fines due to public authorities, or an imminent tax fraud investigation within the firm.

The fraudsters insist on absolute discretion – and even threaten possible punishment. They manipulate their victims in writing and by telephone. Their aim is to secure large money transfers and if the ploy is successful it is repeated with the same victim until the swindle comes to light. Since 2013 criminals have pocketed around €150 million from German companies in just under 70 different cases. More than 180 reported attempts remained unsuccessful.

2. How can management advise personnel not to fall for these fraudulent tricks?

The most important thing is to teach staff about these fraudulent scenarios, so that they will recognize them if and when they occur. Companies should require employees to treat internal knowledge responsibly – and this also applies to the social media.

Those areas in which checks and controls are necessary can clearly be seen from the prevention and information measures that are taken. These controls must be carried out whatever the circumstances! This includes clear absence regulations if the CEO is not present in the company. Managers should instruct their personnel to use common sense when assessing an unusual situation which has arisen. This ensures that would-be fraudsters are thwarted before any damage can be done.

3. What can companies do if they have in fact been defrauded?

The first step is to get in touch with the company's bank immediately – especially if the payment has already been made. Companies can only be sure of recovering their money if it hasn't yet been booked to the recipient's account. Once the money has been lodged to their account, the only course available is to take legal action.

At the same time, it is important to undertake an inhouse investigation. The executives affected should only pass on the fraudulent emails to the police and their own IT department and should only use PDFs or printouts to give notice of the fraud internally. And a number of questions need to be answered: Have other members of staff received this email or telephone instructions? Is there possibly someone now working in the firm, in a subsidiary, or in the parent company who is taking instructions from the fraudster?

In many cases the staff member who triggered payment is wrongly suspected in the company of being some kind of "perpetrator". This simply serves to increase the degree of mental stress, which is already extreme. Instead, it is advisable to provide the staff member with psychological support and to draw up a detailed report from memory, after which this person should only be involved in the affair to the extent required by the ongoing inquiry.

With this as with all other cybercrime activities, the rule must be: the more companies which share their experiences, the easier it will be for them to protect themselves against attacks in the future.


1. Mr Benzmüller, what current developments are there in relation to virus protection and cyber crime?

Adware and potentially unwanted programs (PUP) are the most widely distributed types. They account for around a third of all infections. Displaying advertising banners is lucrative for criminals, but it is not regarded as malicious by the majority of users. This makes it a profitable business.

The most conspicuous change is in the area of ransomware. More and more varieties of Crypto-Trojans are appearing and the procedure varies. There is ransomware that encrypts every possible file in the personal environment. Other variants are aimed at companies and distribute themselves on the local network. Some encrypt the website and only enable users to access a page with a ransom note. Yet others encrypt access to the local network memory (aka NAS, Network Attached Storage). Or access to the Internet is disabled and a ransom is imposed.

A flourishing cyber crime economy has become established in the past 15 to 20 years, the turnover from which has long exceeded that of the drugs trade. The money obtained is invested in new attacks that are more and more frequently being planned and implemented professionally. Nowadays there is hardly a single aspect of our everyday lives where a computer is not used. The consequences of attacks are correspondingly more serious. Hence protection against attacks on computers is becoming more and more important for society.

2. What types of cyber crime can virus protection offer protection against?

Traditional virus protection is designed to detect automated attacks and fend them off, especially when they occur en masse. With its various components, virus protection software can protect against infections via traditional paths such as email, manipulated websites and via local networks and USB data media. Good virus protection software will prevent the computer becoming infected with adware or becoming part of a botnet and will stop sensitive data being lost. Special dynamic detection processes also offer protection against attacks via security holes and monitor online accounts during online banking.

Both, users of private computers and users in a business environment, are exposed to these risks. Other functions are important in companies, such as backups, patch management and mobile device management.

3. How can companies protect themselves from attacks most effectively, besides by using antivirus software?

Antivirus software is an important basic component of a malware protection concept. However, it is not sufficient for comprehensive protection from attacks. Virus protection is only effective if it is embedded into a full-fledged protection concept. This begins with access control to rooms and buildings and continues with the selection of the hardware, operating system and software. Furthermore there is the clean separation of network segments and the issuing of access permissions for users. Additional detection and protection technologies should be deployed for especially sensitive areas. The employees also play a particular role. No protection concept can be practically implemented without their cooperation. Hence it is essential to develop healthy security awareness among the staff through regular training.