Critical infrastructures – a worthwhile target for hackers


Hospitals and other healthcare facilities have long been targets of cyber criminals. In September 2020, the IT systems at Düsseldorf University Hospital collapsed due to a malware attack, and a patient could not be treated in time. Unfortunately, this ended fatally for the patient. A year earlier, a computer worm at Fürth Hospital caused the IT systems to go down for days. New patients could no longer be admitted.

KRITIS operators are now a lucrative target for hackers. The reason is obvious: if hackers steal data and blackmail the operators of KRITIS infrastructures, a disruption to basic services can have fatal consequences for millions of people.

It is no wonder that the German Federal Office for Information Security (BSI) issued a warning in its situation report in October 2020, as the number of malware programs now exceeds the billion mark. The number of attacks on KRITIS companies has almost doubled compared to the previous year. One consequence of this is that patient data numbering in the tens of millions is freely accessible online.

Working from home because of the coronavirus also added numerous new points of attack in 2020. Working on mobile devices in particular has increasingly become part of everyday working life in KRITIS companies. Smartphones and tablets are used to transmit sensitive data and confidential content such as patient reports. However, these devices are rarely covered by the same strict security measures as local work computers. If the device does not communicate via a company WLAN, mobile working often lacks components such as firewalls and proxy servers, patch management or encryption to protect the internal network from attacks and data loss. If employees then use their private devices for work purposes due to a lack of alternatives, securing these devices becomes an almost impossible or at least very time-consuming task for IT managers.

The reason for this is that many people use unauthorized and unapproved apps such as WhatsApp or their own email account to quickly communicate with colleagues. It is precisely these private applications, which are not approved for professional use, that offer criminals many opportunities for attacks. For example, an Android worm is currently spreading via WhatsApp; it replies to messages on its own and, in the worst-case scenario, can jump from smartphone to smartphone. Criminals use it for adware and subscription rip-offs. Banking Trojans, spyware or ransomware can also be distributed in this way. Apps such as WhatsApp also have an embedded function for data exfiltration. The messenger reads employees' address books, including the email contacts and telephone numbers of colleagues, customers or partners, and passes this information on to Facebook. All it takes is for the application to be installed; it does not even have to be used for work purposes. Mobile shadow IT like this not only jeopardizes the data security of KRITIS companies, but also violates the provisions of the GDPR.

Find out more about how operators of critical infrastructures can secure their mobile communications.