G 0.47 Harmful Side Effects of IT-Based Attacks

IT-based attacks can have impacts that

• are not intended by the attackers, or
• do not affect the directly attacked target objects, or
• harm uninvolved third parties.

The reason for this is the high complexity and interconnection of modern information technology, as well as the fact that the dependencies of the attacked target objects and their associated processes are usually not obvious.

This can, among other things, result in the actual protection requirements of target objects being incorrectly assessed, or those responsible for the target objects having no self-interest in remedying deficiencies in these target objects.

Examples:

• Bots installed on IT systems, with which attackers can conduct distributed denial-of-service attacks (DDoS attacks), often pose no direct danger to the infected IT systems themselves, because DDoS attacks are typically directed against IT systems of third parties.
• Vulnerabilities of IoT devices in WLANs can be exploited by perpetrators as an entry point to attack other more important devices on the same WLAN. Therefore, such IoT devices must also be protected even if they themselves have only low protection requirements.
• Ransomware attacks on IT systems can potentially trigger chain reactions and thus also affect critical infrastructure. This in turn could lead to supply shortages for the population, even if the attackers may not have intended this.