Cyber Security Blog

Dive with us into the world of hackers, data espionage, and attack defense - several times a week for free!

In early October, the ransomware group Black Basta attacked an IT service provider of the Deutsche Presse-Agentur (dpa), stealing the data records of 1,500 dpa employees as well as pension recipients of the dpa support fund. Two weeks later, the cybercriminals published the first sensitive data of the victims on the darknet. This incident is just one of many attacks associated with the notorious Black Basta ransomware - and there will be many more to come. That's because, as new research shows, the cybercriminals act very similarly to other aggressive hacker groups.

QR codes have been around for almost 30 years. Today, we scan the square codes with our smartphone as a matter of course to release bank orders, create a digital vaccination certificate or retrieve coupons. However, since QR codes are also used by cybercriminals for fraudulent purposes, you should not trust the little squares without limits. You should be especially careful if you receive a QR code via email: A sophisticated phishing attack could be hiding behind it. We show you how to recognize quishing attacks and protect yourself from them.

As practical, useful and indispensable as the Internet is, countless dangers lurk there. Cybercriminals mercilessly exploit any vulnerability, no matter how small, to infiltrate networks, compromise computers, steal identities or leak data. As more and more effective and multi-layered defenses against cybercrime are being deployed in the IT security arena with extreme reliability, humans remain the greatest vulnerability. Hackers usually choose the easiest way to get to their target - and that way is far too often through users. In this article, we highlight the risks that can arise from surfing the Internet and list eight criteria that can be used to identify a reputable and trustworthy website. Also learn how to best secure networks against cyberattacks.

If you understand what makes people tick, you can manipulate them. Psychological influence through sophisticated interpersonal interaction is known as social engineering - and is responsible for around 98% of all cyberattacks! The classic is the fake email that lures unsuspecting victims to fraudulent websites. Or criminals use false identities on social networks to obtain confidential information. Through targeted manipulation, social engineers get people to do things they wouldn't normally do. Nowadays, networks can be secured more and more reliably by versatile IT security solutions, but "human hacking" still remains the biggest vulnerability in cybersecurity. In this article, you will learn which social engineering tactics cybercriminals use and which tools attackers use to take over compromised systems.

For several days now, there has been a strong accumulation of successful compromises by the "QakBot" malware (also known as "QBot" and "QuackBot") worldwide. We have also already identified successful attacks as part of our ACD monitoring. After infection, criminals can gain access to online banking accounts, leak user data, and reload further malware. As one measure to mitigate the risk, we urgently recommend adjustments to the Group Policy Objects (GPO).

Cybercriminals are true masters at constantly adapting their attack mechanisms to effective IT security measures. New tools and iterative changes to existing malware are used to mercilessly exploit security vulnerabilities. Among the numerous threats, ransomware stands out as one of the biggest. More and more companies have to face extortion Trojans. A completely new threat called LockFile now relies on intermittent encryption. LockFile not only encrypts much faster than previous ransomware, but also bypasses security solutions that work reliably. This article shows why criminals are increasingly relying on intermittent encryption and how companies should react to the new threat.

In 1972, a Canadian IT consultant named Ian Sharp ventured a prediction that would go down as one of the biggest miscalculations in computer technology. At the time, Mr. Sharp was rock-solidly convinced that "e-mail was a totally unsaleable product." Today, 50 years later, electronic mail has become the most important digital communications tool of all. More than 200 billion e-mails will be sent in 2022 - and that's every day. But e-mail has not only become indispensable for communication between private individuals or companies; it is also used frequently and with pleasure as a marketing tool. The German economy invests around two billion euros in e-mail advertising every year. Despite or perhaps because of its long history, e-mail is still surrounded by security myths. In this article, we have summarized the five biggest security errors in dealing with e-mails. Not surprisingly, email is still one of the main gateways for cyber attacks on companies.

Whether white-hat, black-hat or grey-hat: the basis for successful hacking is always the willingness to learn. Ambition, motivation and personal commitment pay off particularly well in the field of ethical hacking. This is because pentesters are sought-after specialists who are inundated with well-paid job offers, especially in times of extensive digitization. If you are interested in hacking, are considering a career in the field, or simply want to learn more about the methods and techniques of ethical hackers, we recommend the TOP 5 YouTube recommendations of our IT security consultants.

Attention: On September 29, 2022, GTSC published a blog article about high-risk vulnerabilities! It reports on a new attack opportunity that exploits two not yet disclosed vulnerabilities (0-Day). In doing so, attackers can perform remote code execution (RCE) on affected Microsoft on-premise Exchange servers. Our security analysts have also verified anomalies in connection with the new zero-day vulnerabilities during active analysis as part of our Managed Security Services. The vulnerability occurs, among other things, in Outlook Web Access (OWA) or in a related component and has not yet been fixed by Microsoft.