Five common means of staging cyber attacks

17 July 2023
Hackers uncover vulnerabilities easily - biggest risks and preventive measures

The number of cyber attacks on companies and institutions in Hamburg continues to grow and from 35 in 2018 to 227 in 2022, according to the Data Protection 2022 report issued by the Commissioner for Data Protection and Freedom of Information (HmbBfDI) in late March. Apart from commercial and industrial companies, universities, media companies and Hamburg Airport are increasingly being targeted. Meanwhile, Germany's Federal Office for Information Security (BSI) is monitoring cyber security closely and offering practical assistance to combat the risk of cyber attacks both reactively and preventively. The most widespread cyber attacks can take the following shape, according to BSI.

1) Malware

Malware is designed to disrupt, damage or gain unauthorised access to a computer system and in many different ways. A file attached to an apparently trustworthy e-mail as a hidden bonus in a free download, a malicious macro in an Office document or even clicking on a website with a disguised advertising banner can soon turn into a real danger. The BSI urges users to update virus protection programmes and to carry out regular updates and be particularly wary of opening and clicking on links and attachments - "even from supposedly known senders". Restricting system rights and regular backups minimise the damage in the event of a successful attack despite taking all kinds of precautions. 

2) Identity theft through doxing

Doxing means attackers collect personal data such as telephone numbers, workplace information or financial information, which is bundled and published on the internet with malicious intent. Thus, email accounts, social media sites and online access to a bank account can be hijacked easily. "The best prevention is to use one's own data sparingly on the internet," said  BSI, and coupled with a strong password - the more creative, the better. Hackers use tools that automatically try out combinations of characters or access data once published on the internet for all kinds of services. Two-factor authentication (2FA), in which another security component such as a PIN must be entered as well as a login password, is also advisable.

3) Spam and phishing 

Dangerous spam emails are often disguised as advertisements and contain links or attachments. A careless click opens a fake website in a browser window that may be infected with malware. Spam also includes phishing e-mails. The senders pretend to be real banks, payment service providers, parcel services or online shops... they scam passwords and other personal information. Users should watch out for badly-worded subject lines and check the sender's address carefully, as it is often fake.

4) Botnets

A bot is an autonomous program on the internet or another network that can infiltrate systems or users using a malicious programme. Laptops, mobile phones, tablets, wearables or parts of the IoT such as webcams or routers can also be hit.  A botnet is a network of private computers - often several thousand - infected with malicious software and controlled as a group without the owners' knowledge, e.g. to send spam. The affected devices are both victims and attackers at the same time. Bots often operate inconspicuously in the background; a warning signal is a significantly slower internet connection. A look at the task manager can provide information: any strange processes displayed there should be scanned for virusesSmartphones and tablets are often infected by installing manipulated apps. The BSI therefore recommends using apps only from controlled sources such as the Google Play Store or the Amazon App Store, as they are usually checked for malware in advance.

5) Social Engineering – human factor as a weak point

Hackers also exploit the human factor instead of technical vulnerabilities. The attacks rely on human characteristics such as helpfulness, trust, fear or respect for authority to manipulate people. Victims are tricked into revealing login credentials, bypassing security features, making wire transfers or installing malware on their personal device or a computer on a corporate network. "The main feature of social engineering attacks is deception about identity," said BSI. The attacker may pose as a technician or employee of companies such as PayPal, Facebook or a telecommunications company. The attacks are often underpinned with real background information, - which has been spied out beforehand. Caution is advised. "Call the sender to make sure it is a legitimate email," BSI urged.


Sources and further information

Similar articles

Cybersecurity in Hamburg more important amid rising attacks

Perpetrators, risks and best protection

Employees proving best firewall against cybercrime

Every fourth firm in Hamburg hit by cybercrime - Commerzbank survey gives tips for fighting off attacks

Hackers now working towards IT security

Series (2): Philipp Kalweit, white hat hacker, confronts cyber criminals deploying viruses during pandemic

Seven key mega trends shaping technological progress

Hamburg-based firms involved in tech trends shaping our coexistence
The Consent Management Platform ( we use could not be loaded. This can happen if AdBlockers incorrectly block this URL. Some features such as maps, proximity search or forms, cannot be used this way. To use these features, please deactivate your AdBlocker or allow access to *