Cyberattacks can hit anyone – including authorities
For example, a website can go offline, but the entire network can also be affected. Aside from financial losses, confidential information sometimes falls into the wrong hands, with devastating consequences: data loss, system failure, liability claims due to a data protection violation and reputational damage are just some examples.
In order to penetrate IT systems, the perpetrators try to trick employees of the authority concerned into doing something without actually wanting to, e.g. opening an email attachment, clicking on a link, entering personal data such as passwords or making a payment.
Common method: social engineering
A common method is called social engineering, which often involves the perpetrators finding out about the administrative structure in advance. This is done using publicly accessible information on the website of the communal administration or social media, for instance. A target is then selected and confronted with a tailor-made scenario. For example, the perpetrators attempt to obtain usernames and passwords by pretending to be employees of a software company on the phone. By claiming acute computer problems and feigning knowledge of the company, they make the target insecure enough to divulge the desired information. Sometimes, criminals also misuse the names of administrative units, e.g. the tax administration, or energy suppliers in their emails or phone calls.