A typical attack on the IT infrastructure of companies is carried out in 3 steps.

  1. Search for vulnerabilities
    Attackers first look for vulnerabilities in the system. This can be unbiased emails to employees, e.g. an inconspicuous invoice email to the accounting department. Network printers with open ports, IoT devices with old firmware or even routers whose known vulnerabilities have not been closed. In addition, danger can come from websites that have already been infected with malicious code and whose operators do not have enough resources to constantly pay attention to the security of their own websites.
    Once the malicious code has been installed on a device in the network, it spreads quickly so that by the time it is discovered on one device, e.g. by anti-virus software, it is already installed on enough other devices. In this first phase, nothing happens yet. The malware is merely the bridgehead for further attacks. It copies itself to more and more devices and thus obtains additional rights within the network.
  2. Installing malware
    After spreading in the network, the malware loads various tools, e.g. to spy out passwords or remotely control devices. Depending on the type of attack, a wide variety of software components can be loaded onto the compromised devices. Due to the malware’s already acquired “rights”, the download of malware is not recognised as a threat.
  3. Enforcement
    The execution of the attack on a corporate network can vary greatly. For example, principals of the attack may be interested in trade secrets and information. The data is usually compressed on the affected computers and then sent to an address outside the company network. Criminals can encrypt data carriers and only release them after payment. Some attacks aim to drain computer power and bandwidth to produce cryptocurrency, for example, or to carry out DOS attacks against other systems. One thing most attackers have in common is that they have a lot of patience. It can take a very long time for those affected to realise that their system has been compromised.

How can you protect yourself from such an attack scenario?

  1. Basic protection
    Basic protection is provided by security solutions, e.g. from Symantec, GDATA or Bitdefender. There are client solutions for each individual computer or network solutions for all devices. The Bitdefender Box is such a network solution. It offers protection for all devices, e.g. surveillance cameras, laptops, tablets within a WLAN network.
  2. Attentive employees
    The best firewall or security software can only work if the employees or users adhere to certain rules. For example, no private data carriers or smartphones should be used within the network. Furthermore, attention should be paid when opening e-mail attachments. Even with known senders, malware could be hiding within the email, so users should not only check the alias name, but also the actual email address.
  3.  Back-ups secure business operationsComplete protection will not exist. Careless or malicious employees can put a company at risk. To ensure that business operations can continue in the event of an emergency, data backups are essential. This way, in the event of a network-wide attack, it is possible to restore to a backed-up recovery point and restore most of the data. Simple back-up solutions are offered by Windows, for example, but we recommend better and above all automatic back-ups from EaseUS.