A Journey Through the History of Cryptography – Part 2


We hope that after our first contribution on the history of cryptography you found your way back to your office safely and have been eagerly awaiting this continuation. In the first part we got to know encryption methods that proved formative for the further development of cryptography: steganography in antiquity as a predecessor of cryptography, the Caesar cipher of the Roman Empire, the Vigenère cipher named after the French diplomat and cryptographer Blaise de Vigenère, and Enigma, the machine cipher used by the German military in the Second World War. Some of them were long considered uncrackable, but even Enigma was broken during the war after much effort. In this article we turn to digital encryption systems and take a closer look at so-called symmetric encryption methods.

A few things first

For the encryption of plaintext, either substitution ciphers or transposition ciphers are used. In the first variant, substitution, the letters or characters of the information to be encrypted are replaced by other characters according to a rule. We already met this kind of encryption in our first article: the Caesar cipher and Enigma both substitute letters to make information unrecognizable. The other possibility is transposition: all characters of the plaintext remain unchanged, only their positions are rearranged. A trivial example:

Example Transposition

In plain language: HELLO

Transposition: OLLEH

Encoding and decoding of information: Symmetry of encryption

There are endless possibilities to encrypt messages or data. Which brings us to our first stop. All the stations we visited in the first article have one thing in common: They are all based on the same encryption method: symmetric encryption.

Symmetric encryption means that sender and recipient use one and the same key for encryption and decryption. The key must therefore reach the recipient over a channel the attacker cannot read, and separately from the encrypted message: whoever obtains both the ciphertext and the key can read the plaintext. This is comparable to the envoy who once travelled from sender to recipient to hand over the key so that later messages could be understood. Until the 1970s, only symmetric methods existed. A well-known and widely used example is the Data Encryption Standard (DES), which we look at at our next station.

From IBM and the NSA to the DES data encryption standard

DES was developed in the 1970s after the National Bureau of Standards (NBS, today NIST) issued a public call in 1973 for a common standard to encrypt sensitive, unclassified government data across agencies.

An IBM team around Walter Tuchman, Don Coppersmith and Alan Konheim submitted a promising proposal based on IBM's earlier Lucifer cipher, and it was taken up. On 17 March 1975 the algorithm was published in the Federal Register for public comment; it was approved as a federal standard in November 1976 and published as FIPS 46 in January 1977.


DES is a block cipher with a 56-bit key (the key is written as 64 bits, of which 8 are parity bits) and works on 64-bit blocks. It combines confusion (the substitution boxes) with diffusion (permutations). Each 64-bit block passes through 16 rounds, also called iterations, of a Feistel network; in every round a 48-bit round key derived from the 56-bit key is mixed in and the block is “scrambled” further. Decryption runs through the same 16 rounds with the round keys applied in reverse order, so the same key and the same algorithm serve both directions.

Many questions were raised about the role of the NSA in this project. The NSA was suspected of having built in a back door so that it could read encrypted information. The main reason for the suspicion was the discussion about the key length: IBM preferred a key length of 64 bits, while the NSA considered 48 bits sufficient; 56 bits was the compromise. The NSA also changed the substitution boxes without explaining why. Only much later, when Biham and Shamir published differential cryptanalysis in 1990 and Coppersmith disclosed the design criteria in 1994, did it turn out that the altered S-boxes had been strengthened against exactly that attack. The short key remained the real weakness.

Because DES was the standard in banking systems such as ATMs, it was long treated as a very secure encryption system. In 1998, however, the EFF's “Deep Crack” machine recovered a DES key by brute force for the first time, in about 56 hours. Today a 56-bit key space can be searched in a very short time. DES is therefore considered broken in practice: not because of a flaw in its design, but because 2^56 possible keys are simply too few.

In 2001, the Advanced Encryption Standard replaced DES as its successor. This brings us to our next station.

More security through Advanced Encryption Standard (AES)

Because the 56-bit key of DES no longer offered sufficient protection against brute force by the 1990s, NIST, an agency of the US Department of Commerce, issued a public call for a successor algorithm on January 2, 1997. To ensure a defined level of security, candidates for the Advanced Encryption Standard had to meet the following criteria.

Selection criteria AES:

• Symmetric algorithm, block cipher

• 128-bit block size

• Support for 128-, 192- and 256-bit keys

• Above-average performance in hardware and software

• Resistance to all known cryptanalysis

Fifteen proposals were submitted by the deadline of 15 June 1998. Five of them were selected as finalists: MARS, RC6, Rijndael, Serpent and Twofish. Since all five met the requirements, they were compared on further criteria such as performance on different platforms and security margin. Rijndael, designed by the Belgian cryptographers Joan Daemen and Vincent Rijmen, stood out for its simple implementation in software and hardware, its security and its speed, and was announced as the winner on 2 October 2000.

But the choice was not undisputed. Critics turned the advantages of Rijndael's structure and efficiency into an objection: the cleaner and simpler the algebraic structure of an algorithm, they argued, the easier it might be to analyse and attack. No practically relevant attack against the full cipher has been found to date, and AES is still considered very secure. The attacks that do matter in practice target implementations and usage rather than the algorithm: timing and cache side channels in software implementations, and misuse of modes of operation such as reusing a nonce or encrypting without integrity protection. AES is ubiquitous, for example in wireless LAN (WPA2), VPNs, VoIP telephony and the encryption of files.

From symmetry to asymmetry

As already mentioned, DES and its successor AES are symmetric ciphers. Asymmetric encryption works differently: each participant has one key pair consisting of a private key and a public key. The sender encrypts the message with the recipient's public key; only the matching private key can decrypt it. The private key, as the name says, stays with its owner and should never leave that person's own devices. The key distribution problem of symmetric encryption thus disappears: only the public key has to travel, and it may be known to everyone. Because asymmetric ciphers are slow, in practice they usually protect a fresh symmetric key that encrypts the actual message (hybrid encryption). Prominent techniques that work this way are PGP and S/MIME.

We will also take a closer look at these two encryption techniques, but we will not do so until the next article: To be continued …

A journey through the history of cryptography – Part 1


A never ending story? Data breaches at major companies dominate the headlines throughout the world’s newspapers. They have increasingly become a permanent topic in public reporting, but along with that, companies are also becoming more aware of the need to protect sensitive data from third-party access. The Ponemon Institute has observed a steady increase in the implementation of encryption strategies in companies over the past 14 years.

Legal requirements, especially in Europe, are also pushing companies towards encryption. An important factor is the General Data Protection Regulation (GDPR), in force since May 2018, which names encryption as an appropriate measure for protecting personal data, for example when it is transmitted over the Internet or stored in the cloud. Encrypted communication, hardly considered at all a few years ago, is currently “in vogue”.

It is important to note that encryption is not a modern invention. Its beginnings go back more than two thousand years: the Roman commander Gaius Julius Caesar already exchanged encrypted messages with his military leaders. In this article we look back into the past to better understand today's cryptography.

Before we enter our time machine, tighten our helmets and set off on a hunt for clues, we want to point out that side effects such as nausea, headaches and confusion can occur during this journey. We will attempt to provide the best possible service during your trip through the history of cryptography. Fasten your seat belts!

Historical cover-up – also known as: lemon juice on parchment

The year is 480, and we are in the middle of antiquity. Roman commanders compete for power. Intrigues, murders and other conspiracies must be planned and carried out. But how can the plan for such an assassination reach its executor undetected? Have you ever heard of lemon juice on parchment? It is a classic covert channel.

The text is written on parchment with lemon juice. Once the juice has dried, the parchment looks like a blank sheet. The recipient can nevertheless read the message very easily: holding the parchment over a candle heats the dried juice, which turns brown and becomes legible.

There were several other methods in antiquity. Herodotus tells of a slave whose head was shaved, the message tattooed onto his scalp, and the hair allowed to grow back before he was sent to the rightful recipient. Without question one of the more radical means of communication, and not suitable for urgent messages either.

The procedures just described belong to steganography, which is clearly distinguishable from cryptography: steganography hides the existence of the message and relies on an outsider not noticing that two parties are communicating at all.

Beginnings of cryptography: Asterix and Obelix visiting Caesar

Cryptography, in contrast, does not hide that communication is taking place. The encrypted message may be visible to everyone; only its content remains confidential, because the message is transformed so that outsiders cannot read it without the key.

Let us stay in Rome. Let’s immerse ourselves in the world of the Gauls and Romans.

A popular encryption technique was developed by a very well-known historical personality: Gaius Julius Caesar. Known today as the Caesar cipher, the later Roman emperor communicated with his military leaders through encrypted messages. Neither unauthorized persons nor the enemy, in this case the Gauls, knew the purpose of the coded texts. But as time passed, this encryption method could be cracked in quite a few simple ways.

The Caesar cipher is a simple symmetric method based on substitution: every letter of the message is replaced by another letter, found by shifting a fixed number of positions along the alphabet. With a shift of three, for example, the German word “Danke” becomes “Gdqnh” (D to G, A to D, and so on); letters at the end of the alphabet wrap around to the beginning. A cipher disk saved the writer from repeatedly writing out the shifted alphabet. The secret key is nothing more than the offset, which sender and recipient agree in advance.

Without the key, an eavesdropper initially gets nothing out of the message. But there are only 25 possible offsets, so trying each one in turn reveals the right shift after at most 25 attempts (on average about 13). A modern computer does this in far less than a second, and counting letter frequencies finds the shift even faster. The Caesar cipher is therefore no longer considered secure and has long been replaced by other methods. All aboard, we're off to France in the 16th century.


From Rome to France

One of the methods that replaced the Caesar cipher as a more secure alternative is the one named after the French diplomat and cryptographer Blaise de Vigenère, the Vigenère cipher of the 16th century (the scheme was actually first described by Giovan Battista Bellaso in 1553, but the name stuck). It is comparable to the Caesar cipher and also based on substitution, but it uses several ciphertext alphabets in turn.

Which alphabets are used is determined by the key. Instead of a number, a keyword is chosen and written beneath the plaintext, repeated as often as necessary. Each keyword letter specifies the offset for the plaintext letter above it: the first letter of the keyword selects the alphabet for the first plaintext letter, the second letter of the keyword for the second plaintext letter, and so on.

Example: Vigenère cipher

Keyword: Present | Message: We give Tom a voucher for his birthday

W E G I V E T O M A V O U C H E R F O R H I S B I R T H D A Y

P R E S E N T P R E S E N T P R E S E N T P R E S E N T P R E

Counting A as position 1, as this article does, the “P” gives an offset of sixteen letters and the “R” an offset of eighteen, so “WE” becomes “MW”. In the usual Vigenère square, A stands for no shift, so P shifts by fifteen and R by seventeen, and “WE” would become “LV”. Both conventions are equally (in)secure; sender and recipient just have to agree on one.

The security of this method depends on the length of the key relative to the message and on whether the key is reused. A keyword as short as “Present”, repeated over and over, is not really secure: every seventh letter of the ciphertext is shifted by the same amount, so the message splits into seven Caesar ciphers that can be broken one by one with letter frequencies. Only a random key as long as the message, used once and never again (the one-time pad), is unbreakable.
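As an added example that is not part of the original article, the following Python script implements the two ciphers discussed so far, the Caesar shift of the previous section and the Vigenère keyword cipher of this one, together with the two attacks the text alludes to: trying every offset and scoring the result against English letter frequencies, and splitting a Vigenère ciphertext into columns once the key length is known, so that each column is just a Caesar cipher again. It uses the standard convention in which A means no shift (the article counts A as position 1), and the long sample text is constructed for the demonstration.

```python
"""Caesar and Vigenere ciphers and the attacks the text alludes to.

Added example; not code from the original article. Convention: A = 0, so the
key letter P shifts by 15 (the article counts A as position 1).
"""
from collections import Counter
from itertools import cycle
import string

ALPHABET = string.ascii_uppercase

# Relative letter frequencies of English text in percent, A..Z (approximate).
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0,
                2.4, 6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4,
                0.15, 2.0, 0.074]

# Constructed sample plaintext (not from the article), long enough that each
# of the seven Vigenere columns below still has a recognisable English profile.
SAMPLE_TEXT = (
    "The first part of our journey took us from the hidden ink of antiquity to "
    "the shifted alphabets of Rome and on to the repeating keyword of the French "
    "court. Each of these methods was considered secure by the people who used "
    "it, and each of them fell to patient observers who counted letters, looked "
    "for repeated patterns and guessed at the words a message was likely to "
    "contain. The lesson for anyone who protects information today is the same "
    "as it was then: the strength of a cipher does not come from hiding how it "
    "works but from the secrecy of its key, and a key that is short or that is "
    "used again and again will eventually give itself away through the "
    "statistics of the language it conceals. When the same keyword is laid under "
    "a long text, every seventh letter shares one shift, and the frequency of "
    "the letter e shows through in each of the seven columns as clearly as it "
    "would in a simple Caesar message. Modern systems are built on this "
    "principle, and they are tested in public for years before anyone is asked "
    "to trust them with a secret that matters."
)


def clean(text):
    """Letters only, upper case: spaces and punctuation were never enciphered."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def shift_char(c, k):
    """Shift one letter k positions along the alphabet, wrapping around."""
    return ALPHABET[(ALPHABET.index(c) + k) % 26]


def caesar(text, k):
    """Caesar cipher: the same offset k for every letter. Decrypt with -k."""
    return "".join(shift_char(c, k) for c in clean(text))


def vigenere(text, keyword, decrypt=False):
    """Vigenere cipher: letter i is shifted by keyword letter i (mod key length)."""
    sign = -1 if decrypt else 1
    return "".join(shift_char(c, sign * ALPHABET.index(k))
                   for c, k in zip(clean(text), cycle(clean(keyword))))


def chi_squared(text):
    """How far the letter distribution of text is from English (lower = closer)."""
    n = len(text)
    counts = Counter(text)
    return sum((counts[a] - n * f / 100) ** 2 / (n * f / 100)
               for a, f in zip(ALPHABET, ENGLISH_FREQ))


def break_caesar(ciphertext):
    """Try all 26 offsets and keep the one whose result looks most like English.
    With only 25 non-trivial keys, 'at most 25 attempts' is the whole key space."""
    ciphertext = clean(ciphertext)
    return min(range(26), key=lambda k: chi_squared(caesar(ciphertext, -k)))


def break_vigenere(ciphertext, key_length):
    """Why key reuse is fatal: every key_length-th letter was shifted by the same
    key letter, so column i is a Caesar cipher and can be broken on its own.
    (Kasiski's 1863 method finds key_length from repeated ciphertext fragments.)"""
    ciphertext = clean(ciphertext)
    columns = [ciphertext[i::key_length] for i in range(key_length)]
    return "".join(ALPHABET[break_caesar(col)] for col in columns)


if __name__ == "__main__":
    print(caesar("Danke", 3))                  # the article's example: GDQNH
    print(vigenere("WE", "PR"))                # LV under the A = 0 convention
    ct = vigenere(SAMPLE_TEXT, "PRESENT")
    print(break_vigenere(ct, 7))               # recovers PRESENT from ciphertext alone
```

The breaker never sees the key: given only the ciphertext and the key length, the seven column statistics are enough to recover “PRESENT”, which is exactly why a short repeated keyword offers no more than a Caesar cipher with extra steps.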

Indeed, although the method was long called “le chiffre indéchiffrable”, systematic attacks appeared about three centuries later: Charles Babbage broke it in the 1850s without publishing, and Friedrich Kasiski published a general method in 1863. We now turn to an encryption method that was considered indecipherable for a long time.

Enigma and Alan Turing

We make a stop in Germany in the 1930s. As in Caesar's day, encryption was used mainly in a military context, so it is hardly surprising that Germany relied on encrypted communication during the Second World War. What was special was that encryption and decryption were done by a machine, and that the key settings were changed every day, so a key lost its validity after 24 hours. The machine is called Enigma.

Enigma was patented by Arthur Scherbius in 1918 as a machine for routine enciphering and deciphering. The basic concept dates to the years of the First World War, which is considered the first war in which cryptography was used systematically; during and after it, the first cipher machines were developed that offered much higher security than manual methods. Enigma was offered for sale commercially but met little interest from business or government agencies. The German Navy adopted it in 1926 and the Army in 1928, and under the National Socialists from 1933 it became standard equipment of the German armed forces. But how exactly does this odd machine work?

At first sight it resembles a classic typewriter, but inside it hides a rather complicated system. The principle is based on simple electric circuits, each connecting a key on the keyboard to a lamp that lights up a letter on the display. But the “A” key is not wired to the “A” lamp: the current passes through a plugboard and a set of rotors that step after every keystroke, so the same letter is enciphered differently each time. A reflector sends the current back through the rotors, which makes the machine self-reciprocal (the same settings encrypt and decrypt) but also means that no letter can ever be enciphered as itself, a weakness the codebreakers exploited. The message can only be decoded if the recipient knows all the settings of the sending Enigma.

Sounds like an insurmountable encryption, doesn't it? But it was broken. Polish mathematicians around Marian Rejewski first reconstructed Enigma in 1932 and handed their results to the British and French in 1939. At Bletchley Park, Alan Turing and Gordon Welchman then designed the electromechanical “Bombe” (not to be confused with the abstract Turing machine of computability theory), which from 1940 searched the daily settings by exploiting guessed plaintext (“cribs”) and the fact that no letter encrypts to itself. Historians estimate that this work shortened the war considerably and saved many lives.

Principle of modern cryptography

Before we now start our journey back to your offices, we would like to give you something to conclude:

As you have now learned at our various stations, even systems whose algorithm was known only to sender and receiver were eventually deciphered. A principle of modern cryptography, Kerckhoffs's principle (Auguste Kerckhoffs, 1883), therefore states that the security of a (symmetric) encryption method must rest on the secrecy of the key alone, not on the secrecy of the algorithm: the system should remain secure even if everything about it except the key is public. It is therefore advisable to use published algorithms that have been analysed in public for a long time.

However, our journey into the history of cryptography is not over with this article, because one question remains open: Are there secure methods for encryption? To be continued …

Industry 4.0 – how secure is the production of the future?


The digital transformation is increasingly reaching the industrial sector: machines and systems are networked. Due to the automatic and digital handling of production processes information is transparent and available at anytime, anywhere. The fourth industrial revolution has begun.
But what advantages does industry 4.0 really offer companies? And what can happen if cyber-criminals use total networking for their benefit?

The dawn of a new age

Let’s start with industry in its most original form: industry 1.0. For the first time, goods were produced with machines. In industry 2.0, electrical energy made mass production possible. Manufacturing processes automated by computer-aided electronics characterize industry 3.0.
Today, we speak of industry 4.0: The complete networking of production plants and systems via information and communication technology. Production machines communicate with each other and organize themselves. This makes the production more flexible, dynamic and efficient. The interconnectivity makes it possible to track the entire production life cycle.
Converting to a smart factory confronts many companies with challenges in terms of infrastructure and security. Networked sensors, machines and systems create new targets for cyber criminals. Infections with malware, extortion, break-ins via remote maintenance access and human misconduct are major threats to smart factories.
Industry 4.0 was the number one trend theme at Hannover Messe 2019.

Advantages of the industrial revolution

Let's first take a look at the advantages of smart factories. One of the most notable is process optimization: networking makes information available in real time, so the use of resources can be checked more quickly and adapted more efficiently.
Each production step can be monitored, coordinated, and planned from any location. The exchange of information between the machines not only functions at the production site, but also worldwide. In this way, everyone involved in the production process can obtain information on the product from any location.
The transparency of the manufacturing processes lets companies produce more flexibly, because those involved have an overview of production and processes can be adapted quickly and efficiently when something changes. In addition, the systems share information with the company's employees, because people continue to play an important role despite increasing digitalization.
Industry 4.0 creates enormous competitive advantages and growth opportunities for companies. According to the BDI (The Voice of German Industry), experts forecast productivity increases of up to 30 percent in 2025.
 

Intelligent sensors – the sensory organs of machines

 
Intelligent sensors are a prerequisite for a smart factory. They monitor and control processes and ensure reliability in production. In addition to recording measured variables, they must also process signals.
But what makes a sensor intelligent? Sensors in an industry 4.0 factory are connected to the controllers via IO-Link, which makes them active participants in the factory's automation network. A smart sensor carries software that lets it not only acquire data but also evaluate it; it passes on only the relevant data and acts as a sensory organ of the machine. For example, it can detect anomalies in the process caused by vibrations before any damage occurs to the production plant. The collected sensor data can be made available in a data pool such as the cloud.
For all the process optimization this enables, the network connection of every sensor is also a weak point: each one is a reachable device that cyber-criminals can use as an entry point for attacks.
 

The smart factory needs external IT infrastructures

 
For companies of any size to use the full range of industry 4.0, high computing power is required. This is where cloud computing comes in: IT infrastructure no longer has to run on local computers but in an outsourced, usually redundant network.
Especially in the context of industry 4.0, technologies such as the cloud are becoming indispensable for companies. Total networking and the use of smart sensors generate large amounts of data. The cloud enables companies to permanently access the collected data from the production process from any location. In industry 4.0, it serves as a platform for storing data in real time and offers companies worldwide secure networking of systems and facilities.
The data cloud has established itself in the IT environment. According to Bitkom, three-quarters of companies already use outsourced IT infrastructures because the cloud makes it easy to introduce new IT systems. Especially when entering industry 4.0, companies need flexible solutions for storing and processing their data.

The target of cyber-criminals: Attacks from inside and outside

Security concerns hold companies back from entering industry 4.0, because the threats posed by cyber-attacks are no longer invisible. The World Economic Forum asked participants about the probability and impact of global threats: cyber-attacks appear in both top 10 lists, alongside natural disasters, water crises and epidemics.
The networking of people and machines in the entire production process is increasing the attack surface for cyber-criminals. Technical, organizational, and human deficits in companies can open various doors for cyber-attacks.
External attacks usually take place via the Internet. Connecting outdated IT systems to the Internet for the first time opened large security gaps that often went unnoticed by their operators, but not by cyber-criminals. Remote maintenance accesses can also create loopholes through which harmful data can enter. The consequences are devastating: attackers can manipulate production, steal data and blackmail companies. There is also a risk that cyber-criminals gain control of machines or paralyse the company's internal energy network.
Internal security cannot be ignored either. Hackers take advantage of human vulnerabilities through social engineering, and make employees inadvertently infiltrate malware or ransomware into the corporate system via email. These are transferred to IT systems and spread over the entire production process.
Cyber-criminals become more creative and the scale of their attacks, especially in networked systems, gets increasingly devastating. In March, a cyber-attack was launched on the Norwegian aluminium group Norsk Hydro. Hackers introduced ransomware into the company’s IT systems. The internal networking affected IT systems of almost all business areas and the global network was paralyzed. According to Spiegel Online, the company has become a victim of the ransomware LockerGoga which encrypted numerous files of the company.
The cyber-criminals behind the attack demanded a ransom in cryptocurrency for decryption. To stop the malware from spreading, the company switched production to manual operation, which led to restrictions.
As a result of the hacker attack, Norsk Hydro suffered losses of over 30 million euros. However, the international aluminum producer is only one of many industrial companies: According to the IT association Bitkom, eight out of ten industrial companies in Germany fall victim to cyberattacks.
 

Security: the key to a successful entry into industry 4.0

 
In every tenth German company, half of all machines are already networked via the Internet. But the vision of the fourth industrial revolution was built on old security protocols. To comprehensively protect smart, networked factories from cyberattacks, companies need a multi-level security concept that protects not only the industrial networks but also the cloud and the data stored in it. The industry sector is an attractive target for cybercriminals because of its economic power and its importance in the supply chain, and attackers draw on a large pool of attack vectors to penetrate corporate systems.
Email is also the main gateway here: it is the primary means of communication in companies worldwide. A professionally crafted fraudulent email is not easy to detect, and so access data or other sensitive information leaves the company unintentionally and ends up directly with the cybercriminals, who exploit it for further action. Paying more attention to the growing global cybercrime activity can limit and prevent high financial losses and physical damage. All the reports of attacks on industrial enterprises show that digital progress brings not only advantages; the resulting security gaps must be considered as well.
Malware – The Cyber Century’s Growing Threat


In the last two years, malicious programs like WannaCry, Petya and Ryuk have made it abundantly clear that malware and cyberattacks are entirely capable of bringing companies with inadequate cybersecurity to the brink of a shutdown and even driving them to bankruptcy.
During 2018, the Hornetsecurity Security Lab noticed a massive increase in emails with harmful attachments. The Emotet, Hancinator, Zeus and Trickbot trojans gave companies particular cause to be wary – in terms of email volume, these were among the biggest malware campaigns of 2018. A breakdown of malware attacks and their monthly incidence throughout 2018 is shown in the infographic. Hornetsecurity has analyzed the individual campaigns and painted a clear picture of what formats and files were concealing malicious software.
Malware is now the biggest threat to businesses, as according to the BSI (Federal Office for Information Security) report on “The State of IT-Security in Germany 2018”, 57 percent of all recorded cyberattacks can be traced back to malware infections. Email communication is the main method of transmission – masquerading as a harmless email, malware may be hiding in an attached Office file, for instance.
Ransomware, cryptominers, and spyware can lurk in Word documents as well as behind web links, and are among the varieties of malware most favored by cybercriminals. While malware sent via indiscriminate mass email (also known as spam) has declined sharply in recent years, businesses in particular are more and more often subjected to targeted and complex attack campaigns. Hackers are increasingly using social engineering and spear phishing to sneak malware onto company operating systems.
Over the last two years, the proportion of recorded email traffic infected with malware has risen to around 1.3 percent. At a volume of 1,000 emails per day, that means about 13 emails a day carrying malware; for a company that receives several thousand emails a day, the risk of falling victim to a malware attack without adequate email security is extremely high. After all, this is a particularly lucrative approach for cybercriminals. The German industry alone lost a total of around EUR 43 million due to malicious software in 2017 and 2018.
Developments such as growing connectivity and changing communication platforms will likely increase malware attacks and the associated losses even further; cyber risks are among the greatest dangers of going digital. Ransomware, one of the most widespread types of malware, is a particularly lucrative source of profit for hackers, because many victims pay: the fear of negative publicity and of the far-reaching consequences of inadequately protected internal data is too great.
The last few years show a clear trend in the spread of malware: attacks will continue to proliferate. Until companies consider email and cybersecurity a necessary requirement in safely maintaining corporate communication and operational processes, cybercriminals will keep cashing in at their expense.
EFAIL: A vulnerability in the PGP and S/MIME encryption methods?


UPDATE from May 16, 2018:
In order to proactively protect our corporate customers who still encrypt and decrypt their emails via an in-house solution and have not yet booked the Hornetsecurity Encryption Service from EFAIL, we have also developed a special filter level for attacks following the EFAIL pattern. The only prerequisite is that their email communication runs via the Hornetsecurity servers, which is generally the case with our email security products. The filter level is already activated by default for all our customers who have booked at least the Hornetsecurity spam filter service. It protects not only against EFAIL, but also against future attacks with similar patterns.

A known vulnerability is transferred to the PGP and S/MIME protocols and takes email manipulation to a new level. No problem for Hornetsecurity.
On Monday, May 14, 2018, a team of security researchers from the University of Applied Sciences Münster, the Ruhr University Bochum and the University of Leuven (Belgium) published a paper that questions the security of the PGP and S/MIME encryption standards and thus attracts worldwide attention.
However, the vulnerabilities discovered (CVE-2017-17688 for OpenPGP and CVE-2017-17689 for S/MIME) are not weaknesses in the encryption algorithms themselves. They combine two already known problems: ciphertext in the CFB (OpenPGP) and CBC (S/MIME) modes can be altered without detection if the integrity check is missing or ignored, and HTML-capable mail clients load remote content. Together, they let an attacker have the victim's own mail client decrypt the message and send the plaintext to a server of the attacker.
A prerequisite for the execution of the attacks is that the attacker already possesses emails in encrypted form. To do this, the emails need to be intercepted during transport. The attacker must have previously executed a man-in-the-middle attack (MitM) or compromised a mail server to gain access to the emails passing through him or the server. Only if these requirements are met, the attacker can execute one of the EFAIL attacks described in the paper.
The authors of the paper present two similar attacking methods to decrypt emails with existing PGP or S/MIME encryption.
The first method is quite simple, but limited to certain email clients (Apple Mail, iOS Mail, Mozilla Thunderbird) and any third-party plug-ins installed there:
To do this, the attacker creates an email with three body parts. The first part formats the email as HTML and inserts an image tag with a target website. The quotation marks and the image tag are not closed. This is followed in the second body part by the PGP- or S/MIME-encrypted text. The third part consists of HTML formatting again and closes the image tag from part one.

(Source: EFAIL attacks, 14 May 2018)

If the attacker sends this email to the legitimate recipient (or to anyone else who holds the private key), the client decrypts the middle part and renders all three parts as one HTML document; the decrypted text becomes part of the image URL and is sent to the attacker's web server when the image is loaded. For this to work, the email client must be configured to download external images automatically without asking the user.
The second way to read PGP or S/MIME encrypted emails exploits a well-known property of the CBC and CFB modes of operation: without integrity protection, ciphertext is malleable, and known plaintext lets an attacker rewrite it block by block.
The scenarios are called the CBC gadget attack (S/MIME) and the CFB gadget attack (PGP). If the attacker knows one block of plaintext (for S/MIME, the encrypted body predictably begins with a Content-type header), XORing the preceding ciphertext block turns that block's decryption into any content of the attacker's choosing. The block after it decrypts to garbage, but by chaining such gadgets and appending the original ciphertext the attacker wraps the secret message in HTML of his choice, for example an image tag whose URL points at the attacker's server, as described for the first method. If the manipulated message is then delivered to the actual recipient, the client decrypts it and, when loading the image, transmits the plaintext to the attacker.

The emails encrypted by Hornetsecurity are protected by design against attacks of this kind, since Hornetsecurity does not even permit the mixed content types (multipart/mixed) that the attack requires.
The encryption methods themselves – S/MIME and PGP – were not broken; rather, vulnerabilities were found in the way email clients handle HTML emails, which can be used to bypass these encryption techniques. In addition, we object to the recommendation of various security researchers to deactivate content encryption altogether: even after this publication, PGP and S/MIME are not per se less secure than a purely transport-encrypted transmission or no encryption at all. Since the attack requires a MitM attack, i.e. breaking any transport encryption that may be in place, generally abandoning content encryption would be fatal: attackers could then read the email traffic directly, like a postcard!
Hornetsecurity's Encryption Service, which is immune to EFAIL, requires no client plug-ins: encryption and decryption are fully automated by Hornetsecurity in the cloud – no installation, maintenance or user interaction is required – simply secure!

Further information:

“For your safety” – Beware of fake ING-DiBa emails


Cybercriminals are currently trying to obtain sensitive data from ING-DiBa customers with dubious fake emails. The fake email claims that a problem occurred during a routine security check of the online banking system and advises customers to log on to an external website immediately in order to avoid problems with their bank.
In reality, however, this is a phishing attack that tries to collect personal information. In this blog article, you will learn in detail how to protect yourself from fake emails and phishing attacks.

The fake email from our example

Screenshot: a German ING-DiBa fake email

The picture shows the detailed structure of the fake email – allegedly sent by ING-DiBa – in an iPhone mailbox. In fact, the email is part of a mass phishing campaign, and the message was sent fraudulently to a large number of email recipients.
The subject line reads “For Your Safety (Reference Number: xyz)”, where the presumably arbitrary reference was set to “kx5qrvnzx3h” in this case. Before we blacked out the personal information for data-protection reasons, we noticed that the recipient's address and the sender's address contained the same information. This was already a first indication of a fake email.
This trick is not uncommon among perpetrators when it comes to gathering information from their randomly selected victims via phishing. Those affected are especially inclined to follow the attached link if the phishing or fake email is opened on a mobile device, as in this case, and particularly if they are actual customers of the bank named in the email.
In everyday life, recipients of phishing emails are quick to follow the link when they receive such an email. The attacker also offers the targeted person a suitable option in case the recipient does not have an account with ING-DiBa: in our example, the recipient can press a flashy red button to allegedly report that he is not a customer of ING-DiBa. The destination of that link, however, is a phishing website intended to harvest user data on a large scale from mostly unsuspecting victims. The fake security notification from ING-DiBa is not an isolated case.

6 tips to detect phishing or fake emails

With the following tips, you will be able to detect phishing or fake emails to protect yourself from being affected by such attacks.

Feature No. 1: The salutation

It is striking that either a standard phrase is used to address the target person, or the salutation is missing entirely. Recipients of phishing emails are very rarely addressed by their full name. This is because fake emails are not isolated cases but usually automated emails sent out millions of times; individual salutations are the exception. In our example there was no salutation at all.
Once the victim has entered his details into the form fields and pressed the confirmation button, the cybercriminal is in possession of the login details. He can now place orders in online shops under false names or gain access to sensitive account or company data. The phishing attack has succeeded.

Feature No. 2: Content of the email

A phishing email is designed so that its content hides the true intention from the recipient, at least until he first clicks on one of the links it contains. The following baits are very popular with cyber crooks:
  • Fake emails in the form of alleged PayPal security notifications
  • Phishing emails which seem to come from banks or other institutions
  • Fake email notifications that seem to come from Amazon or eBay
  • Fake security issues in social media accounts that need to be resolved promptly
This shows that cybercriminals are very creative when it comes to fooling their victims.

Feature No. 3: The call to action

Once the attacker has created and sent his fake email, he urges the recipient to act. In this specific case, the targeted person is first led to an external page by clicking on a link. This page usually closely resembles the login area of a bank, an online retailer or any other company offering Internet services.

Feature No. 4: The time shortage

An effective means often used by attackers is time pressure. This is an attempt to put the victim under stress and distract them. In our example, this is phrased as follows: “Please log into your account as soon as possible to avoid any delay in your banking activities.”
Fear-inducing phrases in the subject line, such as “Your account has been suspended” or “An amount has been debited from your account”, are also quite popular and common. Such sentences cause some recipients to panic, so that they follow the attached link without much thought.

Feature No. 5: Questionable buttons and links

To carry out the phishing process successfully, a link in text or button form is part of the standard repertoire of any phishing or fake email. This is also the case in our example.
Therefore, when it comes to questionable security queries that contain a link, we recommend that you do not open these links from your email program. Instead, always log in to your user accounts directly via a browser or via the official website of the provider. This applies to online services of any kind.

Feature No. 6: How reputable companies and institutions work

As far as the detection of phishing or fake emails is concerned, always remember that reputable companies or institutions will never ask you to disclose personal information via email.
For this reason, various banks regularly draw attention to the problem of fake emails, or so-called phishing mails. One bank states, for example:
“Volksbank Raiffeisenbank or BVR will never ask bank customers for personal information such as PIN or account number via email. Neither will we insert a link to online banking in emails or ask bank customers to make test or remittance transfers. These practices are always indicators of attempted fraud.” (Source: Volksbank Raiffeisenbank)
You can therefore delete such an email immediately. This is ultimately the simplest way to counter a phishing attack.
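Several of the six features can be checked mechanically before a message reaches a reader. The scorer below is an added example, not Hornetsecurity's code, and turns the article's observations into simple indicators: a missing or generic salutation (feature 1), identical sender and recipient addresses (noticed in the example), urgency phrases (feature 4), links that lead away from the sender's own domain (feature 5) and a request to log in or hand over credentials (feature 6). The phrase lists, the threshold of three indicators and both sample messages are assumptions; the first sample reuses the subject line and the urging sentence quoted above, with all addresses and URLs replaced by reserved `.invalid` placeholders.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: small phrase lists; a production filter would use far larger ones.
URGENCY_PHRASES = ("as soon as possible", "immediately", "has been suspended",
                   "has been debited", "avoid any delay")
GENERIC_SALUTATIONS = ("dear customer", "dear user", "dear sir or madam")
PERSONAL_SALUTATION = re.compile(r"\bDear\s+(?:Mr|Ms|Mrs)?\.?\s*[A-Z][a-z]+")
CREDENTIAL_REQUEST = re.compile(r"\b(log ?in\w*|password|pin|account number)\b",
                                re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collect the href targets of <a> tags from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)


def _offsite(links, sender_domain):
    """True if any link points to a host outside the sender's own domain."""
    for link in links:
        host = urlparse(link).hostname or ""
        if host and host != sender_domain and not host.endswith("." + sender_domain):
            return True
    return False


def phishing_indicators(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    lowered = text.lower()
    collector = _LinkCollector()
    collector.feed(text)
    sender = parseaddr(str(msg["From"] or ""))[1].lower()
    recipient = parseaddr(str(msg["To"] or ""))[1].lower()
    sender_domain = sender.rsplit("@", 1)[-1]

    flags = {
        "no_personal_salutation": any(g in lowered for g in GENERIC_SALUTATIONS)
                                  or PERSONAL_SALUTATION.search(text) is None,
        "sender_equals_recipient": bool(sender) and sender == recipient,
        "urgency_language": any(p in lowered for p in URGENCY_PHRASES),
        "offsite_links": _offsite(collector.links, sender_domain),
        "asks_for_credentials": CREDENTIAL_REQUEST.search(text) is not None,
    }
    score = sum(flags.values())
    return {**flags, "score": score, "suspicious": score >= 3}


# Constructed after the ING-DiBa example: same subject line and urging sentence,
# placeholder addresses and URLs.
SAMPLE = b"""\
From: ING-DiBa <service@ing-diba.example.invalid>
To: service@ing-diba.example.invalid
Subject: For Your Safety (Reference Number: kx5qrvnzx3h)
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A problem has occurred during a routine security check of the online banking system.</p>
<p>Please log into your account as soon as possible to avoid any delay in your
banking activities.</p>
<p><a href="http://login-secure.example.invalid/ing">Log in now</a></p>
<p><a href="http://login-secure.example.invalid/notcustomer">I am not a customer</a></p>
</body></html>
"""

# Constructed ordinary notification: personal salutation, no urgency, own-domain link.
LEGIT = b"""\
From: Example Bank <service@example-bank.invalid>
To: alice@example.invalid
Subject: Your quarterly statement is available
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Ms Example,</p>
<p>your quarterly statement is available in your online mailbox:
<a href="https://www.example-bank.invalid/statements">www.example-bank.invalid</a></p>
</body></html>
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
    print(phishing_indicators(LEGIT))
```

The indicators are deliberately coarse; their value is that each one maps to a feature a reader can verify by eye, so a flagged message can be explained to the recipient rather than silently dropped.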

Additional service information