IT-supported attacks may have effects that
• are not intended by the attackers.
• do not affect the directly attacked target objects.
• damage third parties not involved.
This due to the high complexity and networking of state-of-the-art information technology as
well as the fact that the dependences of the attacked target objects and the related processes
are usually not obvious.
Among other results, this may mean that the actual protection needs of target objects are
miscalculated or that the persons in charge of target objects do not have a vested interest in
removing the defects of such target objects.
Examples:
• Often, bots installed on IT systems that attackers may use to perform distributed
Denial-of-Service attacks (DDoS attacks) do not represent a direct threat for the
infected systems themselves. This is because the DDoS attacks usually are directed
against IT systems of third parties.
• Attackers may use vulnerabilities of IoT devices in WLANs as an entry gate to attack
other important devices in the same WLAN. That is why such IoT devices must be
protected, even if they only have low protection needs themselves.
• In some circumstances, ransomware attacks on IT systems may trigger chain reactions
and, correspondingly, also affect critical infrastructures. In turn, this could result in
supply bottlenecks for the population, even if the attackers did not intend to achieve
this.