In the night from May 6th to 7th, 2020, the IT department of the Ruhr University Bochum noticed massive disruptions in network traffic, which indicated a hacker attack. The security officers then shut down the servers in the university’s central administration to prevent the virus from spreading further and from damaging or deleting data. The Exchange and SharePoint servers were particularly affected by the attack, but the VPN access to the university systems also temporarily stopped working. As a result, the university’s internal mail system failed, and numerous services were no longer available to students working from outside. Since the university was operating online only because of the corona crisis, teaching was severely restricted.
Ransomware had struck at the University of Bochum. The name comes from the English word ransom. Such malicious programs penetrate a computer or an entire network and encrypt the data there or lock out the legitimate users, including the administrator. The criminals behind the attack then demand a ransom for decrypting or releasing the data.
The best-known ransomware of the past few years has been distributed by the Emotet Trojan. It generates spam emails that appear particularly authentic, using the Outlook address book of an infected computer. Attached to such emails is a Word or Excel document with embedded macros, which trigger the infection of the PC once the user approves them. Emotet then downloads additional modules from the Internet, which begin to encrypt the data.
Defense: The most effective remedy against a ransomware attack is a regular backup of the most important documents on a medium such as a USB stick or an external hard drive. After the backup, the data medium should be disconnected from the PC immediately. You can find a detailed and up-to-date backup guide here.
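A backup only helps if the copy is intact when you need it, so the copy step should be paired with a verification step. The following script is an added example written for this article, not code from PC-WELT or from any backup product: it copies a folder to a backup destination (in practice the USB stick or external disk mentioned above), records a SHA-256 hash of every copied file in a manifest, and later recomputes the hashes to report files that are missing or changed. The `demo()` function builds a constructed sample folder in a temporary directory and deliberately overwrites one backup copy to show what a damaged backup looks like.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256.json"  # file name chosen for this example


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large documents do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_tree(source: Path, destination: Path) -> dict:
    """Copy every file under source into destination and write a hash manifest beside the copies."""
    manifest = {}
    for file in sorted(p for p in source.rglob("*") if p.is_file()):
        relative = file.relative_to(source)
        target = destination / relative
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(file, target)  # copy2 keeps timestamps, useful when comparing versions later
        manifest[relative.as_posix()] = sha256_of(target)
    (destination / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(destination: Path) -> dict:
    """Recompute the hash of every backed-up file; return {relative path: 'ok' | 'modified' | 'missing'}."""
    manifest = json.loads((destination / MANIFEST_NAME).read_text())
    status = {}
    for relative, expected in manifest.items():
        copy = destination / relative
        if not copy.exists():
            status[relative] = "missing"
        elif sha256_of(copy) != expected:
            status[relative] = "modified"
        else:
            status[relative] = "ok"
    return status


def demo() -> dict:
    """Constructed run: back up two files, damage one copy, and verify the backup."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "documents"      # stands in for the user's document folder
        destination = Path(tmp) / "usb_stick"  # stands in for the external medium
        (source / "notes").mkdir(parents=True)
        (source / "thesis.txt").write_text("chapter 1")
        (source / "notes" / "todo.txt").write_text("buy milk")
        backup_tree(source, destination)
        # Simulate a damaged or encrypted backup copy; the manifest exposes it.
        (destination / "thesis.txt").write_bytes(b"\x00encrypted\x00")
        return verify_backup(destination)


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{state:8s} {name}")
```

Run the verification again each time the medium is reconnected; a backup whose files all report "ok" is one you can actually restore from, while "modified" on a copy you did not touch is a reason to distrust that medium.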
According to data from the security company Check Point, the banking Trojan Dridex was the world’s most widespread malware in April 2020. Just like Emotet, the software misuses the macro function of Office documents and then sends the data it finds on the infected PC to a server on the Internet. It also contains a keylogger, i.e. it records the user’s keystrokes.
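Both Emotet and Dridex, as described above, arrive as Office documents that only become dangerous once their macros run. A mail gateway or a cautious user can therefore check whether an attachment carries a macro project at all before opening it. The following check is an added example for this article, not code from Check Point or from any antivirus product. It relies on the Office Open XML layout: .docx/.docm and .xlsx/.xlsm files are zip archives, and a macro-enabled document stores its VBA code in a part named vbaProject.bin (declared in [Content_Types].xml with the content type application/vnd.ms-office.vbaProject). The `build_sample_docx` helper constructs minimal in-memory archives for the demonstration; they are not real Word files.

```python
import io
import zipfile

# Well-known locations of the VBA project inside Office Open XML archives.
VBA_PART_NAMES = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def contains_vba_macros(data: bytes) -> bool:
    """Return True if an OOXML document embeds a VBA macro project.

    Legacy binary .doc/.xls (OLE2) files are not zip archives and cannot be
    inspected this way; they raise ValueError so the caller can route them to
    a separate check instead of silently treating them as clean.
    """
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise ValueError("not an OOXML (zip-based) document") from exc
    with archive:
        names = set(archive.namelist())
        if any(part in names for part in VBA_PART_NAMES):
            return True
        # Fallback: the content-types index declares the VBA part even if it was
        # stored under an unusual path.
        if "[Content_Types].xml" in names:
            declared = archive.read("[Content_Types].xml").decode("utf-8", "replace")
            if VBA_CONTENT_TYPE in declared:
                return True
    return False


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal archive for the demonstration (not a real Word document)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types/>')
        archive.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a VBA project; only the part name matters here.
            archive.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    for label, document in (("clean", build_sample_docx(False)), ("macro", build_sample_docx(True))):
        print(f"{label}: contains macros = {contains_vba_macros(document)}")
```

The check tells you that a document can run code, not what that code does; a macro-enabled invoice from an unknown sender is exactly the case where the user approval mentioned above should be refused.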
Since September 2019, two-factor authentication for banking transactions has been mandatory in the EU. Since then, the programmers of banking Trojans have primarily targeted users in Russia, Asia and South America. However, some have switched to Android devices and intercept the banks’ SMS with the confirmation code.
Defense: Only install apps from the official Google Play Store. You can also install an antivirus app. The apps Avira, Bitdefender and G Data did well in the test.
Keyloggers exist as hardware, plugged into the USB port between the keyboard and the PC, and as software. In software form, a keylogger is often just a single, inconspicuous file that sits somewhere in the depths of Windows and intercepts keystrokes. Hackers are of course primarily interested in usernames, passwords and PINs. The keylogger sends them this data via the Internet.
Defense: Because keyloggers are so inconspicuous, many antivirus programs have difficulty detecting them. This task is better solved by special anti-spyware tools such as the freeware Spybot Search & Destroy. If you have to enter your password for a shop or internet service on a third-party computer, use a trick: type in the first few letters, then click on a free area of the website, enter a random combination of characters, and then continue entering your password in the standard input field.
In a phishing attack, a criminal tries to coax from the victim the access data for an online shop or a payment service provider such as PayPal. To do this, he sends the victim an email with a link leading to a deceptively realistic imitation of that service’s website. With the text of the email, the hacker tries to persuade the user to enter his access data on the fake page. If this succeeds, the attacker logs in to the real website, changes the password and orders goods at the expense of the victim, who can also no longer access their own account.
Defense: Some antivirus programs can detect phishing emails. For this, however, the virus signatures have to be updated regularly, if possible several times a day. When you receive messages from shops and online services, always look very carefully at the sender address. A phishing email usually does not come from the provider’s domain. Instead, the criminal uses a free email service or a slightly different domain name such as amason.com. It is also typical of phishing emails that they create urgency and want you to react within a few hours or days.
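The sender-address checks recommended above can be written down as a small classifier. The following script is an added example for this article, not code from any mail client or antivirus product: it parses the From header, compares the sender domain against a constructed allow-list of legitimate domains, and flags the three patterns the text describes: a free-mail provider posing as a brand, a lookalike domain one or two keystrokes away from the real one (amason.com versus amazon.com), and a display name that claims a brand the address does not belong to. The domain lists are assumptions chosen for the demonstration.

```python
from email.utils import parseaddr

# Constructed lists for the example; a real deployment would maintain its own.
LEGITIMATE_DOMAINS = {"amazon.com", "paypal.com"}
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "gmx.de", "web.de"}
LOOKALIKE_DISTANCE = 1  # edit distance within which a domain label counts as a lookalike


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute) between two strings."""
    previous = list(range(len(b) + 1))
    for i, char_a in enumerate(a, 1):
        current = [i]
        for j, char_b in enumerate(b, 1):
            current.append(min(previous[j] + 1, current[j - 1] + 1,
                               previous[j - 1] + (char_a != char_b)))
        previous = current
    return previous[-1]


def registrable_label(domain: str) -> str:
    """'mail.amazon.com' -> 'amazon'; the part a lookalike domain imitates."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else domain


def sender_parts(from_header: str) -> tuple:
    """Split a From header into (display name, lower-cased domain)."""
    name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    return name, domain


def assess_sender(from_header: str) -> tuple:
    """Return (verdict, reason) where verdict is 'ok', 'suspicious' or 'unknown'."""
    name, domain = sender_parts(from_header)
    if not domain:
        return "suspicious", "no usable sender address"
    if domain in LEGITIMATE_DOMAINS or any(domain.endswith("." + d) for d in LEGITIMATE_DOMAINS):
        return "ok", f"sender domain {domain} is on the allow-list"
    claimed = [d for d in LEGITIMATE_DOMAINS if registrable_label(d) in name.lower()]
    if domain in FREE_MAIL_DOMAINS:
        if claimed:
            return "suspicious", f"free-mail sender {domain} claims to be {claimed[0]}"
        return "suspicious", f"free-mail sender {domain}"
    for legit in LEGITIMATE_DOMAINS:
        if levenshtein(registrable_label(domain), registrable_label(legit)) <= LOOKALIKE_DISTANCE:
            return "suspicious", f"{domain} looks like {legit}"
    if claimed:
        return "suspicious", f"display name claims {claimed[0]} but address is {domain}"
    return "unknown", f"{domain} is neither allow-listed nor a known pattern"


if __name__ == "__main__":
    # Constructed sample headers covering the cases discussed in the text.
    for header in ("Amazon <no-reply@amazon.com>",
                   "Amazon Support <amazon-help@gmail.com>",
                   "Amazon <service@amason.com>",
                   "PayPal <security@paypal.co>",
                   "Newsletter <news@example.org>"):
        verdict, reason = assess_sender(header)
        print(f"{verdict:10s} {header:45s} {reason}")
```

This inspects only the visible From header, which an attacker can forge outright; it catches the sloppy cases the article describes, while the question of whether a message really left the claimed domain is what SPF, DKIM and DMARC checks on the receiving mail server answer.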
Spam mails are closely related to phishing. Most of these advertising messages are harmless but annoying; some, however, come from fraudsters. They respond to current trends and offer products in high demand during the corona pandemic, for example breathing masks. For this, they guide the user via a link to an online shop, where he enters his address and payment details. The money is debited immediately, but the goods never arrive.
Defense: Take a close look at the website and the email, and google previously unknown providers. Do not pay by Sofortüberweisung. If you paid by direct debit or credit card and find that it is a scam, contact your bank immediately. In many cases you can get your money back.
RDP stands for Remote Desktop Protocol, which Microsoft built into Windows for the maintenance of remote computers. Administrators can use it to connect to another PC via the network or the Internet and take over control. The desktop of the remote computer then runs in a window on your own Windows PC.
In recent years, RDP has become a preferred target for hackers. They use port scanners to search for computers on which the protocol is activated, and then try to determine user names and passwords by brute force. Sometimes these attacks last for several days or even weeks. Once they have gained access, they can, for example, install ransomware on the compromised PC or use it to explore the company’s network.
Defense: Disable RDP when you don’t need it. To do this, go to “System -› Remote Desktop” in the Settings and set the “Activate Remote Desktop” switch to “Off”. If you want to use the protocol, make sure that all people you allow remote access use sufficiently complex passwords: at least twelve characters, with upper and lower case letters, numbers and special characters.
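The brute-force attempts described above leave a clear trace on the target: Windows records each failed logon as Security event 4625, and RDP logons carry logon type 10 (RemoteInteractive). The following detector is an added example for this article, not code from Microsoft or from any SIEM product. It reads a simplified one-line-per-event format that I constructed for the demonstration (a real deployment would pull the same fields from the Security event log), keeps a sliding five-minute window per source address, and reports any source that exceeds a threshold of failed RDP logons together with the user names it tried. The threshold, window and sample addresses (from the 203.0.113.0/24 documentation range) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified, constructed event format: timestamp, event id, logon type, source, user.
LOG_LINE = re.compile(
    r"(?P<ts>\S+) EventID=(?P<event>\d+) LogonType=(?P<ltype>\d+) "
    r"Source=(?P<src>\S+) User=(?P<user>\S+)$"
)
FAILED_LOGON = "4625"     # Windows Security event: an account failed to log on
RDP_LOGON_TYPE = "10"     # RemoteInteractive, i.e. Remote Desktop
WINDOW = timedelta(minutes=5)
THRESHOLD = 5             # failed RDP logons from one source within WINDOW

# Constructed sample: one address hammering several account names, one user mistyping once.
SAMPLE_LOG = [
    "2020-05-06T23:01:00Z EventID=4625 LogonType=10 Source=203.0.113.7 User=admin",
    "2020-05-06T23:01:07Z EventID=4625 LogonType=10 Source=203.0.113.7 User=administrator",
    "2020-05-06T23:01:15Z EventID=4625 LogonType=10 Source=203.0.113.7 User=root",
    "2020-05-06T23:01:22Z EventID=4625 LogonType=10 Source=198.51.100.4 User=mueller",
    "2020-05-06T23:01:30Z EventID=4624 LogonType=10 Source=198.51.100.4 User=mueller",
    "2020-05-06T23:01:41Z EventID=4625 LogonType=10 Source=203.0.113.7 User=test",
    "2020-05-06T23:01:55Z EventID=4625 LogonType=2 Source=203.0.113.7 User=guest",
    "2020-05-06T23:02:03Z EventID=4625 LogonType=10 Source=203.0.113.7 User=user",
    "2020-05-06T23:02:10Z EventID=4625 LogonType=10 Source=203.0.113.7 User=guest",
]


def parse_event(line: str):
    """Return a dict of fields, or None for lines that do not match the format."""
    match = LOG_LINE.match(line)
    if not match:
        return None
    event = match.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_rdp_bruteforce(lines, window=WINDOW, threshold=THRESHOLD) -> dict:
    """Map each offending source address to the sorted list of user names it tried."""
    recent = defaultdict(deque)   # source -> (timestamp, user) pairs inside the window
    alerts = {}
    for line in lines:
        event = parse_event(line)
        if event is None or event["event"] != FAILED_LOGON or event["ltype"] != RDP_LOGON_TYPE:
            continue  # successes, console logons and unparsable lines are ignored here
        bucket = recent[event["src"]]
        bucket.append((event["ts"], event["user"]))
        while bucket and event["ts"] - bucket[0][0] > window:
            bucket.popleft()  # drop failures older than the window
        if len(bucket) >= threshold:
            alerts.setdefault(event["src"], set()).update(user for _, user in bucket)
    return {src: sorted(users) for src, users in alerts.items()}


if __name__ == "__main__":
    for source, users in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(f"{source}: {len(users)} account names tried within {WINDOW}: {', '.join(users)}")
```

A source that cycles through generic account names like this is the pattern to block at the firewall or VPN gateway; disabling RDP as recommended above removes the target altogether.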
In this type of attack, the hackers usually manipulate an existing website and place code there that automatically loads malware onto the visitor’s computer when the page is opened. For this to work, two prerequisites must be met: the website or the content management system behind it must have security gaps so that the attacker can change the code, and there must also be a security hole in the visitor’s browser, otherwise an unnoticed download would not be possible.
Defense: Make sure that you always work with the current version of your browser software. You can also use a script blocker such as NoScript.
A botnet is made up of thousands of computers or networked devices that have been infected with malware. As a result, they communicate unnoticed with a command-and-control server on the Internet, from which they receive instructions for further actions. Botnet operators are often service providers who, for a fee, carry out DDoS attacks against web servers, send spam mails or commit click fraud, for example by visiting websites or clicking on advertising banners.
Defense: The software for the botnet comes in most cases as an attachment to a spam mail or as a Trojan. Antivirus software usually detects these pests and raises the alarm. Nevertheless, you should not click on file attachments in emails from unknown senders, and you should only download software from reputable providers such as PC-WELT.
Just as the Greeks entered the city of Troy unnoticed in the belly of a wooden horse, downloading supposedly harmless software can bring a virus onto your computer that spreads automatically when you run the setup program.
Defense: Do not download programs from dubious sources, and do not download illegal patches. In general, be extremely careful when clicking on and opening attachments in emails.
With a denial-of-service attack, criminals shut down a server, network or Internet service by deliberately overloading it. If a large number of computers, such as a botnet, are involved in the attack, one speaks of a distributed denial of service (DDoS).
DDoS attacks are offered by criminals as a service to paralyze a competitor’s website or to extort a server operator, or they are carried out as a form of political protest. DDoS attacks are increasingly launched via poorly secured devices in the Internet of Things (IoT), which can be hijacked in large numbers. At the command of a command-and-control server, they all begin flooding the target with senseless queries and large amounts of data at the same time until it collapses under the load and is no longer accessible to users.
Defense: Make sure that all of your internet devices, such as routers and webcams, are protected with long, secure passwords. On the other hand, you usually do not have to fear an attack on your private website, and if one does occur, your provider is responsible for the defense. For example, it can redirect the queries to another address.