Nearly 9 out of 10 companies are vulnerable to cyber-attacks. This follows from a representative study by the German digital technology association Bitkom, in which more than 1,000 companies from all industries participated. Parabel also has its experience. A company that develops and manufactures technical products for manufacturers of machinery and equipment and the automotive industry. We present an interview with General Manager Michael Krüsselin and IT specialist Jaromír Grač about the hacker attack from which Parabel finally escaped with basically healthy skin. The interview was published in the economic magazine Plus, which is published by the Czech-German Chamber of Commerce and Industry.

When and how did you find out that something was wrong?
Grac: Right in the morning, shortly before seven, my colleagues told me that SAP was not working. I immediately went to work, checked the servers, and tried to log in to SAP. The servers were online, but SAP reported an error. I could not log in to the SAP server even as an administrator. It was immediately clear to me that we had a problem throughout the company, not just individual employees. I tried restarting the server, but that didn’t help either. Then I checked the logs in Windows on the server, I wanted to find out if, for example, the update took place in the evening, but it did not take place. That was all I could do at that moment. I reported the problem to ABIA, which manages our SAP. In about an hour or two, it was clear that our SAP was corrupted, some data was deleted, and some services were corrupted, and a hacker attack was likely. So I contacted NWT, which manages our servers.

What did you learn from them about the hacker attack?
Grac: There they found out that our server had been watching an unknown “guest” for two days. He focused on SAP, uploading hacking to its programs and scripts, and tried to destroy the server backups. He also tried to encrypt the SAP server, but our antivirus program prevented it, the hacker could not uninstall it. NWT backed up the SAP server for further investigation and restored the pre-attack version of the server. Thanks to the backup technology, the recovery took about half an hour, and it took much more time to check the SAP server and the entire environment. It was necessary to find out if the attacker did not get to other devices or servers.

So the hacker wanted to block or steal your data and then enforce a ransom?
Krüsselin: Yes, if we lost the data, he would probably do it. Fortunately, we did not lose any data in SAP, we had a backup from the previous day. Less than half a year ago, we bought new antivirus software and it saved us from the worst. The police told us that companies that had experienced similar attacks and had the same antivirus as we were originally not protected.

In other words, you got away with it with healthy skin.
Krüsselin: Yes, for now.

We are happy about that. How such attacks take place and how we can protect ourselves from them is very important information for our members. There is a need to do a cyber security audit.
Krüsselin: Exactly. We knew the experiences of others, so some time ago we started to deal with this topic more intensively and we secured ourselves better. That saved us. As you say, we escaped with healthy skin.

Can you quantify the approximate damage?
Krüsselin: Maintenance and service cost us about 50,000 crowns. In addition, we could not work in SAP for one and a half days. This means that we could not send offers, we could not issue invoices, we could not process orders. These
we cannot estimate the damage.

Do you have any idea how that uninvited guest got to your server? Was any of your employees responsible for this, either intentionally or unintentionally? The home office is sometimes criticized because, for example, a VPN connection can be a gateway for hackers.
Grac: Hard to say. The attack can take place, for example, through insufficiently secured services, through a camera system, via a mobile phone. Today, every employee has a mobile phone with mobile data. When he’s on a public network, he can be attacked by a hacker. And suddenly you have an infected device in the corporate network and there is an immediate hole in the system. A hacker can gain access to the internal network and exploit it. All we know is that the IP address from which the attack occurred was from abroad. Only our internet provider can pass on complete information about protocols, etc. to the police. So we have to wait for the police to find out.

Why do you think Parabel became the target of the attack? Or do hackers behave like cows – save everything they have around them?
Krüsselin: I think it can happen to any company. It was probably a global attack, hackers were looking for interesting addresses and their weaknesses. The police told us that similar attacks on other companies took place at that time. They believe that it is an organized group.

What do you think should take some steps now to ensure that this does not happen again in the future? Does SAP have to change anything, do companies have to take care of it? Do you expect the state to help you?
Krüsselin: We would like the state to help us, but we don’t believe it will. There is too much talk and little action. Ours
the company is 25 years old this year. We have never received help from the state. We have always helped ourselves and so will be in the future. There is no other way.

What could the public sector do?
Krüsselin: In any case, it should be more restrictive in the area of ​​criminal law, tightening penalties. Maybe the police should
be more active in this area. It is a complex problem, not only for companies but also for private individuals, each of us.

You can read the article here: interview_parabel