Computers: supply chains at risk
Photo: KACPER PEMPEL / REUTERS
The alliance warns of an increasing number of online blackmail attacks on the faltering global supply chains.
Companies that deliver essential goods for the economy and society are among the most vulnerable targets, according to the Allianz industrial insurer AGCS.
Another target of attack are IT service providers whose systems are networked with a large number of computers in customer companies. In this way, cyber criminals could install blackmail software on a large number of computers from different companies within a short time, write the AGCS experts in their Cyber Report published on Wednesday. "Attacks on supply chains are the next big trend," said AGCS manager Jens Krickhahn.
Such ransomware attacks have already occurred several times in the past few months, but the AGCS experts expect the number of cases to continue to rise.
Ransomware means that hackers encrypt the computers of the attacked companies and demand a ransom for the release of the systems.
A common method is to send emails with encryption software in an attached file to authorities and companies.
In May, hackers paralyzed the systems of the US gasoline supplier Colonial Pipeline, which resulted in the gasoline supply being temporarily restricted on the US east coast.
Both the damage and the sums required are getting higher and higher.
Five years ago "5000, 6000, 7000 euros" were still being asked for online extortion cases, reported Krickhahn.
In 2020 there were already claims of $ 30 million.
"We're seeing $ 50 million in receivables these days."
According to AGCS, the criminal boom is fueled by the fact that hacker groups are now acting as service providers.
"As an average IT-savvy person, you can actually go out and rent ransomware attacks," said Krickhahn.
"In some cases you get a hotline function."
Not only are the sums extorted higher; the effort to restore blocked systems is also becoming more expensive and tedious, the report says. AGCS cites analyzes that show the average total cost of recovery and downtime for a blocked system more than doubled in the past year from a good $ 761,000 to $ 1.85 million in 2020.
According to the AGCS experts, many cyber attacks could be averted or the damage limited.
"Eighty percent of the damage is due to simple errors," said AGCS manager Michael Daum - as an example he named servers with outdated operating systems and corresponding security gaps.
Companies not only have to focus on prevention, they also need "digital alarm systems" in order to be able to recognize and stop a hacker attack once it has started.
mik / dpa