Script kiddies with comparatively little know-how and professional hackers in the cybercrime scene have one thing in common: they do it for money, often together. Today, cyber attacks are increasingly being carried out as sophisticated services based on a division of labor. Crime-as-a-service.
"Things get really interesting in the area of highly organized cybercrime," says Peter Vahrenhorst, chief inspector and expert at the Cybercrime Competence Centre of the LKA NRW. He is responsible for cybercrime prevention in the business sector. Vahrenhorst worked as an IT investigator for many years and knows the perpetrators, means of crime and motives inside out. "Organized cyber criminals are primarily interested in money and power. They are experts who are constantly looking for vulnerabilities in the system and pass them on to other hackers in exchange for money."
Ransomware attacks. This usually involves extorting money by using software to extract data from the affected company, transferring it to their own system and encrypting it there. This is followed by a blackmail letter to the company with the aim of demanding a ransom in return for the release of the data. A well-known example: the cyberattack on Düsseldorf University Hospital in 2020.
Small and medium-sized companies in particular are not well protected. Trade, industry, retail, restaurants and hotels need to optimize their IT security. "Every company must expect an attack at any time," says Interior Minister Herbert Reul, describing the threat situation.
Another weak point is "social engineering". Here, the perpetrators deceive employees by infiltrating their trust, usually via the users' email accounts. For example, they pretend to be IT technicians in order to elicit passwords or other sensitive data. Or they send malware as an attachment to demand the money later when the company data has disappeared into the digital orbit. The range of perpetrators using this modus operandi is particularly wide: hacker collectives, competitors, current or former employees (so-called internal perpetrators) or even state actors sneak into the IT landscape of companies in this way.
Emergency plans are needed. And urgently. According to a Bitkom survey, only just under half of all companies in Germany have a worst-case plan. This is a major problem, as today's smart home solutions in the office and home office offer targets almost everywhere. Stephan Ursuleac, Consultant for Public Security & Defence at Bitkom, recommends: "Companies should already make preparations before a cyberattack according to a standardized methodology, for example according to the four pillars of IT security, structures & processes, physical security and human factors. This requires a little more know-how, but is often the basis for a cyber policy." A cyber policy can be useful and partially cover the damage caused by a hacker attack.
"The human factor is the biggest weak point in companies," says Ursuleac. Training and awareness-raising measures are important here and can be expanded, as can crisis management. However, the perpetrators are not invincible. The cryptocurrencies taken from the extortion must be exchanged. "These are good identification approaches for the police to track down the perpetrators," says Ursuleac. In 2019, the detection rate was at least 30 percent.
The cooperative approach within the cyber security architecture is particularly important for prevention. The Cybercrime Competence Center of the LKA NRW has been cooperating with various network partners for years. There is the Cybercrime Security Cooperation - Bitkom (together with five other LKAs), the NRW Security Partnership, the EcoVerband der Internetwirtschaft, networker NRW and VOICE, the Federal Association of IT Users.
The hotline of the LKA
The fight against cybercrime continues to be a strategic focus of the NRW police. Companies, institutions and authorities that require advice or immediate support following a cyberattack can contact the LKA NRW via the hotline on 0211-939-4040.
