08.12.2022 | 1 Image

G DATA IT Security Trends 2023: Professional cyber criminals continue to put companies at risk

Social engineering and abuse of standard applications pose a massive threat to IT security in Germany
This press release has:

The IT threat situation will continue to worsen in 2023. The reason for this is the progressive professionalisation of the cyber crime scene. Cyber criminals are increasingly abusing authorised applications, such as administrator tools, or manipulating users by means of digital scams targeting the elderly. The lack of trained IT security professionals further exacerbates the situation. Because of the diversity of the threat landscape, end users are now often unaware of the risks and dangers.

Press release Plain text

Cyber criminals are using increasingly sophisticated and efficient methods to increase their profits. On the one hand, they are refining and changing their methods of infiltrating networks, and, on the other, they are using new tools for their attacks. Consequently, vulnerabilities in systems that are widely used are a particular risk. This includes, for example, the Java vulnerability Log4Shell, which criminals have used to gain access to company servers and which is still being exploited. This shows that a single gap is enough for attackers to compromise hundreds or even thousands of in one fell swoop. Therefore, administrators must always keep servers and user devices up to date with the latest software.

“A central problem for IT security in Germany has been and will continue to be that companies do not take warnings about vulnerabilities or security risks seriously”, says Andreas Lüning, co-founder and board member of G DATA CyberDefense. “They continue to underestimate the real risk to themselves of a cyber attack and rely on the principle of hope to see them through. Therefore those responsible must act now, because, in view of the tense economic situation, no company can afford sales losses or operational downtimes caused by an IT security incident.”

Rootkit renaissance

Another attack tool - rootkits - is experiencing a resurgence in attacks where cyber criminals combine different malware programs with each other. Rootkits can be used to hide malware from security solutions. In this way, criminals disguise their attempt to log in to the computer, along with the files and processes associated with this procedure. In proof of concept, researchers have demonstrated that attackers copy rootkits from GitHub, a platform for managing open source software, and incorporate these programs into their attack chains to infiltrate companies.

“The problem is that rootkits are not considered malware in the original sense and are therefore legally made available on GitHub”, comments Karsten Hahn, Lead Engineer Prevention, Detection and Response at G DATA CyberDefense. “Such offerings are of particular interest for criminals with little IT knowledge, because programming rootkits is no easy matter.”

Without skilled workers, there is a lack of IT security

One major challenge that affects small and medium-sized enterprises in particular is the lack of trained IT security professionals. This lack of expertise has a lasting effect on the level of IT security. Medium-sized companies cannot close this gap on their own. One way out of this dilemma is offered by managed security services and employees trained in cyber risks. It is important that companies take action sooner rather than later, because an attack on the IT system with possibly uncontrollable consequences can happen at any time.

Targeting the end consumer: attacking the iPhone

Private smartphones remain an attractive target for attackers, and not just because users use them for mobile banking and payments or as digital keys. Attackers will be increasingly targeting iPhones in the future. The reason is that iPhone users are considered to have more purchasing power and are therefore more lucrative for attackers.

The criminals exploit vulnerabilities in the iOS operating system in particular, because this gives them root permissions and thus complete control over the device”, warns Stefan Decker, mobile security expert at G DATA CyberDefense. “The current year has shown how serious the situation is, as Apple has had to provide patches for critical gaps on several occasions.”


Users must therefore install patches and updates for their smartphones as quickly as possible.

Social engineering: people in the crosshairs

Because technological protection against malware has improved significantly, cyber criminals are continuing to adapt their attack methods. Social engineering attacks can hit anyone. They aim to tap into personal data or information from victims. Smartphones play a crucial role in this. Attackers are increasingly contacting their potential victims via messenger services such as WhatsApp or Telegram. Current fraud attempts show how real the danger is. Perpetrators have moved scams targeting the elderly into the digital space, as a form of “senior scam 2.0”. Perpetrators pretend to be a family member in need and try to persuade their victim to transfer a large sum of money.


Anyone who receives an emergency call should - as difficult as it may be - keep a level head and analyse the scenario. And check via another channel (email or telephone call) if the emergency described has actually happened.


With holistic cyber defence services, G DATA CyberDefense makes you defensible against cybercrime. The renowned IT security company protects with AI technologies, endpoint protection, security monitoring and offers penetration tests, incident response and awareness training in order to secure companies in the best possible way.

G DATA CyberDefense AG supports its customers in every security situation. From the headquarters in Bochum, more than 550 employees ensure the digital security of companies, critical infrastructures such as hospitals or airports as well as millions of private users. With almost 40 years of expertise in malware analysis, G DATA has become a top player in the cybersecurity world and conducts research and software development exclusively in Germany. This also applies to service and support, which is available around the clock for customers all over the world. G DATA security solutions are available in more than 90 countries and have received numerous awards from independent test institutes.

All contents of this press release as .zip:

Direct download

Release text 4708 Characters

Plain text Copy release text

Images (1)

G_DATA-IT_Security_Trends_2023-Logo
2 835 x 1 488 © G DATA CyberDefense

Contact

(2) Kathrin Beckert-Plewka
Kathrin Beckert-Plewka
Public Relations Managerin

+49 234 9762 - 507
kathrin.beckert@gdata.de