Web application as vulnerability: this is how cybercriminals attack companies

More and more often, criminals are using vulnerabilities in software and devices in order to extract information, incapacitate business processes, or get rich at others’ expense.


Norderstedt, June 26, 2017 – The threat of cyberattacks on computers, smartphones, and IT systems increased substantially in 2016, according to a report by the German Federal Office for Information Security (BSI). The current issue of the professional journal ‘IT Sicherheit’ describes scenarios showing what sort of attacks by hackers and cybercriminals companies must expect. The increasing level of digitalization and networking is providing a fertile breeding ground for cybercrime. For instance, cybercriminals profit almost daily from new points of attack. Lufthansa Industry Solutions has posted an article (in German) on the magazine’s online platform entitled “Web Application as Vulnerability: this is how cybercriminals attack companies”.

Cybercriminals are aiming more than ever at companies’ public manifestations: their websites. These are particularly interesting because they are where products and services are on offer – that is, where business is generated. Added to this are the interfaces used by apps. These “technical websites”, such as REST interfaces, can be worthwhile targets. Botnets, in particular, are a growing danger, since they can perform DDoS attacks from thousands of devices targeted at specific websites.

No matter which method attackers choose, they always proceed in four phases. The first focuses on “information gathering”. Here the goal is to extract all the information that helps identify a company’s vulnerabilities or enable phishing attacks. Then comes the deployment phase, where the idea is to hack into a company and gain access to the target system. Once a system has been successfully penetrated, the attacker tries to spread throughout the internal corporate network and strengthen their access. The primary aim of the final phase is to eliminate any traces in order to remain undetected in the compromised system for as long as possible.

A well-functioning update management system is important for companies to ensure that attackers can no longer make use of known vulnerabilities already eliminated by a manufacturer. In addition, a company should carry out proactive penetration tests on its own IT infrastructure so that it identifies, and then closes, any gaps in its services and infrastructure before attackers find them. What is more, if companies establish IT security standards, such as the ISO/IEC 27000 family or the basic IT protection of the BSI, they have comprehensive control over the issue of IT security and leave little opportunity for attackers.

Companies in all industries should always keep their security systems up to the latest standards. Here they can count on advice from the IT security experts at Lufthansa Industry Solutions, who always work in close collaboration with experts in the respective industries in order to best meet company-specific security demands.

About Lufthansa Industry Solutions

Lufthansa Industry Solutions is a service provider for IT consulting and system integration. This Lufthansa subsidiary helps its clients with the digital transformation of their companies. Its customer base includes companies both within and outside the Lufthansa Group, as well as more than 200 companies in various lines of business. The company is based in Norderstedt and employs more than 1,300 members of staff at several branch offices in Germany, Switzerland and the USA.