Disinformation, fraud and attacks on infrastructure: cyber threats are ubiquitous and have long been an important instrument of hybrid warfare. The Viennese cybersecurity company Alite uses military know-how to make private companies more secure against cyber attacks. A conversation about false feelings of security, the effects of AI and the fastest way to break into computer systems.

At the latest since the Russia-Ukraine war, cyber attacks have become a tangible threat scenario. According to estimates, this is the first full-fledged cyber war. But corporations and companies are also affected: AI-generated deepfake videos can be used to defraud millions, as spectacular cases from Hong Kong show. One thing is clear: the rapidly developing digital world harbors a new risk landscape.

The Viennese company Alite specializes in corporate cyber security and creates risk analyses for specific business areas. It is backed by a great deal of military knowledge: Alite co-founder and managing director Stefan Tödling is a graduate of the military academy in Wiener Neustadt and has a degree in business administration. Alite analyst David Jaklin is a historian specializing in security policy and conflict research. He worked at the National Defense Academy and for security policy think tanks.

©Military News

Mr. Tödling, what exactly does Alite do?
Stefan Tödling: Alite creates threat analyses for companies. The cyber area is the main focus here. In short, we combine military knowledge and procedures with IT know-how in order to create risk analyses for companies and derive security measures. This includes the presentation of cyber threats such as current ransomware and fraud variants as well as the identification of risks regarding the disruption of supply chains due to geopolitical developments. In other words, everything that is important for the functioning of companies. From case to case, we also go deeper: then we slip into the role of the attackers – on behalf of the company. We consider what would be interesting for potential intruders about a company and what information could be obtained and how. We also analyze how this information can be exploited. The aim is to find ways to cause maximum damage to a company. We then derive security solutions from this.

“By comprehensively educating large companies, we have demonstrated over the years how military knowledge can be applied and translated to large and medium-sized companies.”

Stefan Tödling of Alite

How do you proceed in principle? And what role does military training play in this?
Tödling: We try to act like a real opponent. Our military knowledge is a very good basis for planning, organizing and carrying out attacks. We follow the classic intelligence cycle, i.e. a precisely structured process of reconnaissance or information gathering and procurement. Ultimately, our work is about making strategically significant corporate risks processable in a structured manner. In other words, we look at the situation, simplify it, interpret it and draw conclusions together with the company. True to the military motto: present, evaluate and draw conclusions. By comprehensively educating large companies, we have demonstrated over the years how military knowledge can be applied and translated to large and medium-sized companies.
David Jaklin: Of course, we also work very much at the technical level: a significant part of our work involves helping companies to better organize and update their defence capabilities. This includes, in particular, technical measures ranging from optimizing the entire IT security architecture to internal procedures and processes.

Alite co-founder and Managing Director Stefan Tödling - ©Bubu Dujmic
Alite co-founder and Managing Director Stefan Tödling is a graduate of the Military Academy in Wiener Neustadt and has a degree in business administration.

What developments are behind all this? Where does the need come from?
Jaklin: Many companies still have a lot of catching up to do when it comes to adapting better to the cyber threat situation and geopolitical developments. Many firms still believe that nothing serious can happen. Keyword: island of the blessed. But cybercrime is a global business and knows no national borders. And since the coronavirus pandemic at the latest, everyone has noticed how important global supply chains are, for example, and what it means when disruptions occur. The war in Ukraine makes it even clearer how strongly global crises affect us. For example, in the form of hybrid threats, in which cyber attacks are a major component. With our work, we want to create awareness of this form of threat. The aim is to establish a holistic approach to all cyber scenarios in companies.

“An essential part of our work consists of helping companies to better organize and update their defence capabilities.”

David Jaklin of Alite

Who are the actors behind cyber threats? What types of attackers generally play a role?
Tödling: We make a fundamental distinction between private and state actors. One important group are state actors, i.e. intelligence and secret services as well as various semi-state groups that try to implement or support national goals. Some of the biggest players currently come from Russia. There are various groups there that can be assigned to different intelligence services, be they domestic or military intelligence services. These carry out a wide variety of attacks in all possible directions according to their mandate: For example, long-lasting attacks, as we are currently seeing in Ukraine. These groups are called APT – Advanced Persistent Threats, with Russian APT groups being given striking names such as “Fancy Bear” or “Cozy Bear” to emphasize their country of origin. Their main aim is to sabotage war and vital infrastructure. State-sponsored APT groups from China, on the other hand, have a different focus. They are often concerned with industrial and economic espionage, but they also target critical infrastructure.
Jaklin: In recent months, the Chinese APT group “Volt Typhoon” has caused a stir because one of its operations was uncovered by the US Department of Justice. “Volt Typhoon” played for time, i.e. they hacked into the critical infrastructure of the USA on a large scale with the aim of establishing themselves in the long term and securing access. We can only speculate as to why exactly. Official assessments are that in the event of war, for example if China were to attack Taiwan, they would be able to take immediate action to carry out attacks on critical US infrastructure or other Western countries.

What about privately organized groups?
Tödling: Private individuals also play a major role. The “classic” is still ransomware groups. In other words, groups that encrypt companies’ data and systems in order to blackmail them. The big players are also given very graphic names such as “Akira”, “LockBit” or “BlackCat”. These groups attack companies with the aim of making money. They demand a ransom and, in return, offer the companies a key that enables data access again. Or they make money by selling captured data.
Jaklin: Some groups have built up a huge ecosystem in recent years and work in a very diversified way. There is one team that attacks. Another carries out the communication. And there’s another team that provides a kind of “customer service”. This is where the instructions come from as to when and where the money, usually in bitcoins, is to be transferred. Entire networks have formed. As a result, there has been a huge surge in professionalization in this area.

Alite analyst David Jaklin - ©Bubu Dujmic
Alite analyst David Jaklin is a historian specializing in security policy and conflict research.

What is the fastest way for me to break into a company's system?
Tödling: One of the easy ways is to use old passwords. There are plenty of them for sale on the darknet or they are openly available. These are passwords that have been stolen or lost. To use them, I first get an overview of all possible login windows on a company website. Then I take all the email addresses and passwords and try them out. Professionals do this automatically, of course. One social engineering scam that is often used, for example, is a call or email from a supposed IT employee who claims to have to defend against a virus and therefore needs the password. There are no limits to creativity in this area. What counts to be able to penetrate a system is a good and credible story. We have already put up posters with a fake competition for employees in front of a client company or sent flyers to the company. The printed QR code led to a login portal that looked like that of the company. There, employees were encouraged to enter their login details. The same applies to the sending of malware by email. I have to build a credible story around a link so that it is clicked.
Jaklin: Artificial intelligence plays a major role in this area in particular and will play an increasingly important role. AI can be used to speed up and refine processes incredibly. For example, when it comes to trying out passwords. Spinning a lie has also become more professional thanks to AI. This starts with the generation of professional-sounding texts and a high-quality translation. Research is also becoming easier thanks to AI. Fake photos and deepfake videos are also on the rise. All content is of a higher quality and is therefore harder to recognize as fake.
Tödling: There will still be major challenges here in the coming years. In conclusion, despite these threats and risks, there are also opportunities to be realized through professionalization.

Source: ©Bubu Dujmic