Cybersecurity basics: Everything you should know

The more connected the digital world grows, the more important the issue of security becomes. As cyberattacks steadily increase, cybersecurity has to keep pace or, even better, be at least one step ahead. New solutions enhance security. But what do they look like and what threats actually come from the Internet?

Cybersecurity and cyberattacks

When the Internet was invented more than thirty years ago, little attention was paid to security for private users to begin with – no one assumed there would be such a thing as online crime. That changed in the following years and terms like cybersecurity and cyberattacks were coined.

What is cybersecurity?

Cybersecurity deals with all aspects of security in information and communications technology and embraces a wide range of different measures, concepts and guidelines. These aim to protect computers, servers, mobile devices and networks connected to the Internet against unauthorized access, data theft, attacks and manipulation from the whole of cyberspace.

What is a cyberattack?

A cyberattack is a hostile attack on another party’s computer network or system, in which an attacker spies on the network or system, cripples it or even manipulates it to their own advantage. Cybercriminals target individual citizens, companies, political institutions, public authorities and even an entire country’s infrastructure.

More connected devices – more attacks

The reality is that cybersecurity is growing in importance: The IT network of Volkswagen, the world’s largest car manufacturer, is attacked 6,000 times a day, according to the German Federal Office for Information Security (BSI). High-tech companies like Infineon are also the target of many cyberattacks. Infineon’s Business Continuity (BC) department organizes its defenses.

According to the BSI, there are 20 highly specialized and serious attacks on the German government’s network itself every day. And the experts from Kaspersky Lab detect around 360,000 new malicious files a day worldwide. Companies with a lot of customer data, such as online shops or e-mail providers, are affected in particular. The objective: To steal personal data, such as account details and passwords.

Connected devices deliver a great deal of convenience, for example, by allowing you to turn up the heating by smartphone while you’re out, so that you come home to a warm living room. Yet they also offer attack surfaces and a doorway to cyberattacks. GARTNER predicts that there will be 20.4 billion connected things in 2020.

What types of attacker and targets are there?

Cybercrime may have different aspects:

  • Internal versus external perpetrators
  • "Lone wolves" versus organized crime
  • Criminals with a financial motive
  • Government-sponsored attackers
  • Hidden attackers versus attackers aiming to attract public attention

The targets

Devices connected over the Internet offer useful functions, such as being able to reach one another remotely. Yet that also makes them potential targets for attackers:

  • Cybercriminals attack an individual user’s privacy, steal passwords, empty bank accounts or shop at the expense of the victim.
  • The many connected devices used by individuals, such as routers, tablets, cameras or PCs, if not appropriately secured, can be hijacked by attackers and joined together in botnets. These can then conduct denial-of-service (DoS) attacks and so cause telecommunications outages, for example.
  • Attackers try to steal business secrets through espionage or sabotage machinery at companies. The damage this causes in Germany is put at around 50 billion euros a year by the country’s Federal Office for the Protection of the Constitution.
  • In the case of attacking a state’s infrastructure, power grids (such as in Ukraine in 2015) and even the entire Internet of another country (as was the case in Estonia in 2007) are crippled.

The changing face of cyber threats

The world of cyber threats is changing rapidly. Clever attackers are constantly inventing new attack techniques. For example, ransomware encrypts data and locks computers, demanding a ransom to decrypt it. Even while an attack is ongoing, the malware grows more specialized, takes on a life of its own and becomes smarter.

Ransomware: Definition

If attackers use ransomware, they can manipulate the victim’s computer so that it can no longer be used – the PC or server and its data are hijacked virtually, as it were. The attacker only frees the computer and data once the victim – a person or a company – has paid a ransom.

“Stealing data by phishing was a top issue two years ago. Now it’s ransomware that’s a major focus of security experts, as well as law enforcement authorities,” says Dr. Detlef Houdeau, an expert for the cybersecurity market at Infineon.

As the number of devices that communicate with each other grows, so too does the complexity of potential attack scenarios. Houdeau illustrates that with a specific example: “The images from a CT (computed tomography) scanner at a hospital are sent automatically to the person’s doctor. The scanner is connected to the hospital’s IT (information technology) system, but comes from a manufacturer of medical products. If the scanner is not protected, someone can penetrate it and then manipulate the IT system. So it’s not enough to protect the hospital IT system. Connected devices must also be protected against cyberattacks.”

Quantum computers: A new threat

Quantum computers: A new threat

Technologies are advancing. Artificial intelligence can help defenders, yet also make cyberattacks more efficient; high-performance systems for quantum computing are also a new threat for the digital world.

Confidential data is encrypted to protect it in cyberspace. Many of the encryption algorithms used today can be cracked by quantum computer. Experts expect the first quantum computers to be in use in 10 to 15 years’ time. New algorithms termed “post-quantum-resistant” will be standardized as a possible countermeasure in the coming months and years.

What are the most frequent and biggest cyber risks?

Attacks can exploit various weak points: in the home networks of private users, as well as the networks of companies and public authorities – even in government networks. The risks this entails are wide and diverse.

  • Users themselves can be the weak point: They might introduce malware by using an infected USB stick, use a password that’s easy to guess, such as their own birthday, or not (adequately) encrypt sensitive data.
  • Network equipment, such as broadband routers, may also have security In the fall of 2016, a million Germans were without digital TV, the phone and Internet for two days because a widely used router has been attacked.
  • Attacks on a country’s critical infrastructure are even more dangerous. Adversaries may try to injure or kill people and severely hit the economy with a digital attack on hospitals, airports, trains, pipelines, banks or power grid. Defenders may not know when, where and how the attack will come.

 

Overview of major cyberattacks from the past:

 
2007

A DoS attack cripples the entire Internet in Estonia.

2010

The computer worm Stuxnet shuts down the uranium enrichment plant in Iran.

2011

The data of 77 million subscribers was stolen from Sony in Japan.

2012

The data of 24 million customer accounts was stolen from Amazon’s subsidiary Zappos.

2013

Around 38 million customer data records were stolen from Adobe in the U.S.

2014

The data of around 1 billion customer accounts was hacked at Yahoo in the U.S. That exposed the phone number, date of birth, encrypted passwords and unencrypted security questions used to recover passwords. The data of a total of 145 million customers was stolen at eBay in the same year. 

2015

The cyberattacks on the German parliament, the Bundestag, meant the computers had to be replaced.

2016

As a result of the Mirai attacks, for example, on routers of Deutsche Telekom, around 1 million households were without TV, Internet and phone services for 24 hours. Fake information and news was sent to Democrats by social bots during the U.S. election campaign.

2017

The malware WannaCry exploited a security vulnerability in Windows worldwide. The ransomware NotPetya encrypted the file table on hard drives on hundreds of thousands of computers.

2018

The health data of 1.5 million citizens in Singapore was stolen.

2019

Fraudulent transfers in the triple-digit range were initiated by phishing attacks on the Ärzte- und Apothekerbank in Germany.

 

 

Greater cybersecurity with new security concepts

Conventional methods, such as firewalls and anti-virus scanners, are no longer enough to ward off the different ways of being attacked. The attacks are simply too sophisticated. To use the Internet, connected vehicle, smart home, smart grid and industrial internet securely, we need new security concepts. They are based on a technological approach known as “security by design” and are built into the product or system when it is developed. Security standards are now being created in more and more IoT sectors and finding their way into new products.

Cybersecurity through encryption and authentication

The objective is to protect information so that only authorized persons, computers, machines or general network nodes can access it. That requires two steps: secured identification and authorization of the entities. The example of connected cars illustrates what that might look like. The cars of the future will have far more electronic equipment on board – and hence more external interfaces that may be vulnerable.

The software in the car needs regular updates to protect these interfaces. For that to work, it is necessary to ensure that the computer supplying the updates and the gateway in front of the car’s control system authenticate themselves to each other. That means only these two devices are allowed to exchange data. Moreover, communication between the interfaces must be encrypted to prevent eavesdropping and integrity protected to prevent undetected interference. To avoid the need to go to a workshop for updates, they will be increasingly be sent over-the-air (OTA), just like for a smartphone.

That requires appropriate hardware, which is why Infineon is equipping control units with chips that are responsible for authentication and encryption. Such secured identification processes are crucial in machine-to-machine communication.

Connectivity: The future and past

Market analysts expect, for example, that around 100 million vehicles will be connected with the Internet by 2025, making the car a sort of “computer on four wheels.” On top of that, they will be connected to the infrastructure (V2I) and with each other (V2V), while autonomous vehicles will use new standards like 5G and ITS-G5.

Older products and systems, such as production machinery, railway signaling systems, medical products, cars and aircraft, pose a real challenge. The manufacturers have discontinued maintenance of the products and upgrading them would involve excessive cost and effort. One frequently tried approach is to separate these old devices from other systems using security gateways and firewalls. But this approach has not been successful when attackers find a way to breach these protections, e.g. Ukrainian power grid attacks.

Internet security check list

You should always observe these tips if you want to use the Internet securely:  

  1. Always keep software up-to-date.
  2. Use an anti-virus scanner and a firewall.
  3. Use strong passwords and protected password managers. Use at least 10, or even better 12, characters containing numbers, upper-case and lower-case letters and special characters, and use a different password for each service. Best of all, make up nonsense passwords: One expedient way is to take the initial letters in a sentence and add numbers and special characters. “I go to New York every May 31 and visit the Statue of Liberty!” then gives the password IgtNYeM31&vtSoL!

    One more advice: For important accounts such as your bank, enable multi-factor authentication (MFA). When you login to such an account, an extra code will be sent to you to verify your desire to login. An attacker who has your password won’t have that extra code so they will be stymied. Among MFA methods, typically, an authentication app is more secure than a text message sent to your phone because attackers have figured out how to grab such text messages.
  4. Work on your computer as a normal user and not as an administrator, since the latter has wider access to the system. If your computer has been infected by malware and you are logged on as the administrator, any infected software that you run likewise has extended rights and can cause greater damage.
  5. Do not click on links in e-mails, and be careful when opening attachments, especially if you don’t know the sender. Check all attachments with an anti-virus scanner before opening them.
  6. Save all your important data regularly on another hard drive or in the cloud. (Note that this will not prevent ransomware from encrypting this data. To stop ransomware, you must burn your data to a DVD or store it on a drive that you then make read-only.)
  7. Encrypt sensitive data and e-mails.
  8. Be careful about what information you divulge on the Internet.
  9. Do not connect to an unprotected WLAN (wireless local area network). If you need a network urgently, use your smartphone with a cellular data connection.
  10. Be attentive and critical when you surf the web, write e-mails or work on the computer. Don’t believe everything you read, even if it seems to come from a trusted party. They may be accidentally passing on incorrect information or even a virus. Do not click on links or download files without great caution. If an email seems odd or requests special favor, call the sender to verify it really came from them.
  11. Do not use the same passwords for different systems.
  12. When you purchase a new smart home device, change the standard password it comes with right away.
  13. Do not download any apps and/or computer programs from websites that are not trustworthy.

Measures by public authorities to provide greater cybersecurity

Power, healthcare, finance and transportation are examples of sectors in a country that constitute critical infrastructures. Citizens in Europe have a right to the basic services they provide. If those infrastructures were attacked, that would entail massive outages and chaos, also causing harm to people. That is why public authorities have taken measures to increase cybersecurity for these sectors:

  • Germany’s IT Security Act, which came into effect in 2015, obligates operators of around 2,500 facilities in Germany to ensure their IT systems are especially protected. For example, they have to meet more stringent security requirements and furnish proof of that in audits. They are also obliged to warn customers if they discover any data abuse. Moreover, they have to report incidents to the authorities. The counterpart EU law is called the NIS Directive and applies simultaneously in all EU Member States.
  • In the USA, Presidential Policy Directive 21 identifies 16 critical infrastructure sectors and the agencies responsible for overseeing security in each sector. Although some sectors are regulated, most operate on a voluntary model. The NIST Cybersecurity Framework is widely used to ensure that risks are considered and best practices followed.
  • At the same time, public authorities also support private users in defending against cyberattacks and, as part of that, rely on the initiative of online service providers and hardware manufacturers. Under the Cybersecurity Act adopted by the EU, consistent regulations on certification of consumer devices are to be developed. The aim of that is to help raise the security level for consumer electronics (CE) in the business-to-consumer (B2C) market in the EU. Moreover, products, solutions and services in the business-to-business (B2B) market are also to embody certified IT security to a greater extent. In the public sector (business-to-government or B2G), the goal is to maximize and harmonize the standard of IT security across all EU Member States moving ahead.
  • In the USA, cybersecurity for consumers, non-profits, and small businesses is promoted through the National Cyber Security Awareness Month and throughout the year by resources available from the Federal Trade Commission and other agencies.
  • The EU Commission plans to establish a new agency called the EU Cybersecurity Competence Center (ECCC) at the end of 2019. Know-how on new threats and suitable means of countering them will be pooled there in the future. An EU-wide network of more than 600 test and inspection labs is to be created.

 

A bot is software running on a device (e.g. computer) that connects to the Internet, has been infected with malware and can be controlled remotely. Attackers combine bots to create a huge “botnet” that they can use without the device owners suspecting a thing. Botnets are often used for DDoS attacks.

In a distributed denial-of-service (DDoS) attack, a service such as a web site is flooded with requests and hence works only with great restrictions, if at all. Such attacks are often conducted using botnets by directing all the bots in the botnet to send requests.

A forcible attack on a cryptographic algorithm. All possible combinations are tried out automatically and systematically in order to crack the algorithm.

The abuse of someone else’s personal data. It is also termed identity misuse.

In this type of attack, attackers use fraudulent emails or other messages to trick victims into taking an action such as revealing personal data or passwords.

A phishing attack that is targeted at one person or a small group. Because the attack is targeted, a spear phishing message may be created specifically for the recipient thus making it much harder to identify as fraudulent.

Attackers claim in an e-mail to be high-ranking employees or other trusted parties in order to induce others to transfer money or perform some other transaction.

This term denotes malware that infects and blocks a computer system, often encrypting valuable data. The attacker then demands money to free the system and decrypt the data.

These files conceal themselves in apparently harmless programs and so enter the computer without being noticed. They then cause damage there directly or by downloading other malware from the Internet.

Malware that spreads from one computer to another, for example, in the form of an e-mail attachment.

This type of malware copies itself automatically and therefore spreads as quickly as possible, for example, via the address book in an e-mail program.

An attack that exploits security weaknesses before they are discovered and can be eliminated.

The compilation and publication of personal data on the Internet.

A computer program with unwanted or harmful features.

An attack technique that exploits security vulnerabilities by injecting code written in the SQL language.

An attack technique where one web site inserts untrustworthy information into a context that has been classified as trustworthy.

The future of cybersecurity

However, it is also in the own interests of the electrical and electronics industry to boost cybersecurity moving ahead. As the German Electrical and Electronic Manufacturers’ Association (ZVEI) states: “The advantages of digitalization cannot be leveraged if personal and technical data is not protected. We feel sure that cybersecurity will grow in importance when it comes to protecting consumers, ensuring the quality of products and enhancing customer loyalty.”

It should come as no surprise that router manufacturers are making the first move. After all, routers are the core piece of equipment in every home network. They are the interface between the home network and the Internet – and that makes them a popular target for attacks.

Further topics