Companies face new challenges as digitization advances. Reports of digital attacks are increasing, and it is not only private individuals who are affected by the rising cybercrime. In November, the electronics chains Media Markt and Saturn reported attacks that paralyzed the companies' internal servers, attacks that can be attributed not least to insufficient patch management.
Large companies as targets for cybercriminals
The stores of the Ceconomy AG group are not immune to cyber attacks either, as the latest company reports have shown. Overnight, the company fell victim to a cyber attack that affected all of its national subsidiaries. Merchandise management systems and point-of-sale (POS) systems, for example, were damaged. Numerous Windows servers were breached through infection with a crypto-virus (ransomware). In total, more than 3,100 servers were infected. Besides the cash register systems being disconnected, the attack restricted computer use in all branches. Although the online shops continued to run smoothly, the ransomware prevented pick-ups, returns and orders of goods via the system. Whether and to what extent private customer data was breached has not yet been fully clarified.
Not only Media Markt and Saturn but numerous other companies are targeted by criminal gangs operating on the Internet, some of which cause massive losses. In the USA alone, such criminal organizations extorted around 600 million US dollars in the first half of 2021. In Germany, cybercriminals have also caused problems for local administrative authorities, among others. In the case presented here, the ransomware was called Hive, a new actor on the darknet.
What is ransomware?
Ransomware is malware that third parties install on a system unnoticed. Once installed, it blocks or restricts access to systems and data by encrypting them. Criminal gangs then demand a ransom, usually in digital form such as Bitcoin, for decrypting the data. In theory the data is released after payment, but there is no guarantee of this. The Federal Office for Information Security (BSI) categorically advises against paying ransom demands.
The ransomware itself reaches a system via phishing emails, for example. Programs planted in this way open the door to further malware from the Internet. To this end, cybercriminals scout out companies in advance. The consequence of an attack is a complete compromise of the system or network; backups are not spared. A complete cleanup of a network can take several months. For smaller companies in particular, such breaches can take on existential dimensions. In addition to the actual loss of data, damage to reputation is also quite possible.
System security through ideal patch management
Security incidents are usually rooted in insufficient patch management. It is not without reason that patch management is a fundamental pillar of IT security. In general, a patch is intended to close security gaps in order to prevent security breaches. Very often, however, patches become available only late. The first prerequisite for successful patch management is therefore timely action. The following guidelines must be observed during planning:
1. Integration of preventive measures: Ideally, patch management is part of a package of cloud-based solutions for preventing security breaches; besides an asset inventory, this package should include vulnerability management. Isolating patch management causes problems: it prevents security gaps from being bridged quickly and slows down the correlation of patches with vulnerabilities.
2. Promoting proactivity: Rolling out emergency patches should be the exception, not the rule. Proactive, forward-looking action eliminates security gaps as they arise. Good software applies patches routinely within the vendor's release cycle, ensuring up-to-date and continuous protection.
3. Central control and transparency: Patch processes must be documented and monitored without fail. A lack of the necessary information leads to delays and unnecessary security risks. Missing patches must be flagged immediately on all assets. Ideally, the required information is tracked through a central node.
4. Correlation of patches and vulnerabilities: Good software shortens the reaction time for eliminating vulnerabilities. Automated correlation closes security gaps immediately, whereas manually remediating CVE vulnerabilities costs a great deal of time. Automated software detects missing patches and deploys them automatically.
5. System-independent patch management: A good tool supports numerous systems and products, so that an overall overview can be created with the help of a single tool.
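The correlation of an asset inventory with vulnerability advisories that guidelines 3 and 4 describe, as an added illustration (not code from the article or any product it refers to); the hosts, products, versions and CVE ids below are constructed placeholders:

```python
"""Correlate an asset inventory against an advisory feed to list missing
patches per host, then order the work list by severity.
All data here is constructed for illustration; the CVE ids are placeholders."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    cve: str        # placeholder id, not a real advisory
    product: str
    fixed_in: str   # first version that contains the patch
    severity: str


# Constructed advisory feed (placeholder CVE ids).
ADVISORIES = [
    Advisory("CVE-0000-0001", "pos-client", "2.4.1", "critical"),
    Advisory("CVE-0000-0002", "erp-agent", "7.10.0", "high"),
    Advisory("CVE-0000-0003", "pos-client", "2.3.0", "medium"),
]

# Constructed asset inventory: host -> {product: installed version}.
INVENTORY = {
    "pos-berlin-01": {"pos-client": "2.3.5", "erp-agent": "7.10.2"},
    "pos-munich-07": {"pos-client": "2.4.1", "erp-agent": "7.9.0"},
    "wms-hamburg-02": {"erp-agent": "7.10.0"},
}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_version(v: str) -> tuple:
    """Compare versions numerically: as strings, "7.9.0" > "7.10.0" (wrong)."""
    return tuple(int(p) for p in v.split("."))


def missing_patches(inventory: dict, advisories: list) -> dict:
    """Return {host: [(cve, product, installed, fixed_in, severity), ...]}
    for every host running a version older than the advisory's fix."""
    findings = {}
    for host, products in inventory.items():
        for adv in advisories:
            installed = products.get(adv.product)
            if installed is None:
                continue  # product not present on this asset
            if parse_version(installed) < parse_version(adv.fixed_in):
                findings.setdefault(host, []).append(
                    (adv.cve, adv.product, installed, adv.fixed_in, adv.severity))
    return findings


def prioritized(findings: dict) -> list:
    """Flatten findings into one work list ordered by severity, then host."""
    rows = [(host, *f) for host, items in findings.items() for f in items]
    return sorted(rows, key=lambda r: (SEVERITY_RANK[r[5]], r[0]))
```

Running `prioritized(missing_patches(INVENTORY, ADVISORIES))` lists the Berlin POS host first (critical), then the Munich host whose agent version "7.9.0" only sorts correctly because versions are compared numerically.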