When the virtual burglar locks the door

At the end of January, the History of a cyberattack through the mediawhich caused a particular stir: criminals had attacked an Austrian hotel and - on the opening weekend of the winter season - not only paralyzed the reservation computer and the cash register system, but also ensured that guests and hotel staff could no longer access the rooms by attacking the key system. Only after payment of 1,500 euros were the systems released again. According to those responsible, this was the third attack in a very short time, with the fourth following only a short time later.

Increasing creativity of criminals

Oliver Keizers, Regional Director DACH at security specialist Fidelis Cybersecurity, sees this as a blueprint for the attacks that large and small companies must currently prepare for, but also warns against premature panic: "The attack shows the increasing creativity of criminals when it comes to their targets. At a time when many important computer and storage systems are outsourced to the cloud and secured by backups, they are targeting the areas that are necessarily physically on site - in this case, the key system. A lot of backup mechanisms are being undermined as a result."

But there are two other things that are remarkable about the story: first, that there were four attacks in a very short time, and second, that the criminals actually unlocked the systems again. This suggests that someone has nested here in the system and so far the door through which he always gets back in has not been found. Of course, after paying the ransom, someone like that will always release the system again nicely - after all, they want to strike again in a few weeks. So it would be important not only to secure the entire system better from the outside, but also to analyze the attacks that have already happened, learn from them and finally close the door that is still open.

Still no return to analog key technology

After all, an incident like this is grist to the mill of the critics of smart home or IoT systems - here, too, there is talk of returning to analog key technology. But it is easy to forget that technological locking systems were not introduced for fun, but because of the higher security standard. And if, as here, analog keys are used again, attackers will simply look for a new target - the router of the guest WLAN, the app-controlled coffee machine or the smart refrigerator. Hardly any company can afford to ignore this modern technology, which is being developed to make everyday life easier. And just because this new technology is vulnerable doesn't mean it shouldn't be used. The applications just need to be better protected and both the devices themselves and the network they operate on need to be constantly and efficiently monitored.

Text: Fidelis Cybersecurity