Cyber Security Blog

Dive with us into the world of hackers, data espionage, and attack defense - several times a week for free!

The IT term "air gap" refers to the complete physical separation of a device or network from the internet. It is one of the most radical methods used primarily to secure a computer that stores extremely valuable information or controls high-risk processes. The basic idea behind the "air gap": without an internet connection, no access to the computer - and without access, no chance for hackers. Nevertheless, computers and networks isolated by an "air gap" do not guarantee 100 percent protection against compromise attempts. In this article, you will learn how cyber criminals rely on technical-physical methods such as ultrasound, thermodynamics and electromagnetic fields to gain access to supposedly inaccessible data - and what form of manipulation Israeli researchers recently demonstrated by successfully influencing electromagnetic waves.

In Germany alone, around 10,000 Microsoft on-premise Exchange servers are still not patched against the ProxyNotShell vulnerability, which has been known since September 2022. IT security managers should urgently apply the security update provided by Microsoft to prevent their systems from being compromised.

The networking of our devices also makes securing cars one of the great cybersecurity challenges of our time. Automotive technology is not only becoming more advanced due to integrated software systems, but also increasingly complex and vulnerable at its endpoints due to "smart features". Successful automotive hacks have increased greatly in the last three years, showing how attackers manage to remotely exploit vulnerabilities in the APIs used by vehicle telematics systems. A few weeks ago, a US-American ethical hacker discovered serious security vulnerabilities at 16 leading car manufacturers.

A cyber attack can threaten the very existence of your company. Until now, the financial losses resulting from a successful hacker attack could be mitigated by taking out cyber insurance. But as losses from cyberattacks continue to rise, insurers have now adjusted premiums and exclusion criteria in such a way that policies are becoming less attractive in some cases. Experts even assume that insurers will soon offer no insurance cover at all against cyberattacks, or only very heavily regulated cover. Companies should therefore introduce systems now that will prevent them from falling victim to ransomware and data leaks in the first place.

Migrating IT applications to the cloud brings many benefits for businesses. But have you ever wondered if your corporate data is safe from theft and espionage in the cloud? The answer is no. While cloud providers usually deploy a web application firewall (WAF) to protect against cyberattacks, researchers have now discovered that some of these firewalls can be circumvented relatively easily. In this article, we'll tell you exactly how this works and how you can check whether your company's data is adequately protected by your provider's WAF.

The past year 2022 can be described succinctly: hardly predictable. A challenging economic situation, political upheavals accompanied by rapidly changing framework conditions, inflation, a shortage of skilled workers and rising energy prices have led to an unprecedented sense of insecurity, the effects of which are also clearly being felt in the IT security industry. Where will the key challenges lie in the next 12 months? We have given some thought to this and summarized them on the basis of the following 9 points, because one thing is already foreseeable: The threat level remains high and will continue to worsen in 2023.

In May 2022, Red Canary security researchers discovered a new computer worm that spread primarily via USB storage devices and network shares on Windows systems. The malware, dubbed "Raspberry Robin" or "LNK worm", was initially thought to be relatively harmless: it spread quite quickly, but no downstream actions were apparent. However, in October 2022, Microsoft security researchers found that Raspberry Robin appears to be part of an extremely complex and highly interconnected malware ecosystem whose distribution extends beyond the initial USB drive distribution. In this article, learn how Raspberry Robin went from a simple computer worm to a gateway for malware - and how to protect yourself.

Extortion Trojans in the form of ransomware have become a serious and permanent threat. At the end of October 2022, for example, the hacker group Black Basta gained access to around 1,500 employee records after a successful ransomware attack on the IT service provider of the Deutsche Presse-Agentur (DPA), 20% of which were published on the darknet. The reason for the successful access to sensitive data, such as social security numbers or bank details: poorly protected FTP servers for storing documents. Ransomware attacks thus remain a relatively easy and extremely lucrative attack method, especially if the attacked systems are poorly protected. In this article, you will learn how to detect ransomware attacks on your company at an early stage and successfully fend them off.

Companies are confronted with increasingly complex cyber threats. Relying solely on preventive and pattern-based IT security measures (such as AV solutions and firewalling) is no longer sufficient today. Companies that want to be informed in time about a successful cyber attack have recognized the importance of early attack detection with the help of a "Managed Detection and Response solution" (MDR). The problem here is that most medium-sized companies do not have the necessary budget and do not have enough specialists, time and know-how to independently set up a Security Operations Center (SOC) required for this purpose. With Active Cyber Defense (ACD), Allgeier secion offers a 24/7 managed security service that relieves the IT security teams in this regard and can be booked cost-effectively at a flat monthly service fee. In this article, you can read how exactly the security analysts in the ACD team detect cyber attacks at an early stage and get answers to frequently asked questions.

At the beginning of August 2022, a new ransomware emerged that could not be assigned to any known malware family so far: the ARCrypter ransomware. The cybercriminals behind the extortion software have already attacked major Latin American organizations - including the Chilean government. Meanwhile, they are expanding their activities around the world, with organizations in Germany among their targets. Researchers have now figured out how ARCrypter works and what the characteristics of an ARCrypter attack are. The good news up front: with the right security tools, you can effectively protect yourself from the new threat.