{"id":65487,"date":"2026-06-24T12:10:43","date_gmt":"2026-06-24T10:10:43","guid":{"rendered":"https:\/\/www.secuinfra.com\/news\/critical-infrastructure-under-attack-what-banks-can-learn-from-attacks-on-hospitals\/"},"modified":"2026-06-24T12:22:49","modified_gmt":"2026-06-24T10:22:49","slug":"critical-infrastructure-under-attack-what-banks-can-learn-from-attacks-on-hospitals","status":"publish","type":"post","link":"https:\/\/www.secuinfra.com\/en\/techtalk\/critical-infrastructure-under-attack-what-banks-can-learn-from-attacks-on-hospitals\/","title":{"rendered":"Critical Infrastructure Under Attack: What Banks Can Learn from Attacks on Hospitals"},"content":{"rendered":"<p class=\"wp-block-paragraph\">Cyberattacks on hospitals are a prime example of how vulnerable critical infrastructure has become. Unlike in many other industries, these attacks can have not only economic consequences but also potentially direct impacts on human lives.
<\/p>\n\n<p class=\"wp-block-paragraph\">That is precisely why the healthcare sector serves as an early warning system for other regulated industries.<\/p>\n\n<p class=\"wp-block-paragraph\">The challenges are similar:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>complex IT environments<\/li>\n\n\n\n<li>legacy systems<\/li>\n\n\n\n<li>hybrid infrastructures<\/li>\n\n\n\n<li>stringent regulatory requirements<\/li>\n\n\n\n<li>critical business processes<\/li>\n\n\n\n<li>limited security resources<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">Many of the attack patterns affecting hospitals today can already be observed in a similar form in the financial sector.<\/p>\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_KRITIS_Structures_Are_Particularly_Vulnerable\"><\/span>Why KRITIS Structures Are Particularly Vulnerable<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<p class=\"wp-block-paragraph\">Critical infrastructure often evolves over time. Over the years, complex system landscapes emerge, featuring legacy applications, specialized software, unclear interfaces, heterogeneous identities, third-party access, and shadow IT.<\/p>\n\n<p class=\"wp-block-paragraph\">At the same time, connectivity is constantly increasing. Cloud connections, mobile workstations, external service providers, and digital processes further expand the attack surface. Attackers exploit precisely this complexity.<\/p>\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Modern_Attack_Patterns_in_KRITIS_Environments\"><\/span>Modern Attack Patterns in KRITIS Environments<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<p class=\"wp-block-paragraph\">Professional attack groups are increasingly taking a methodical approach to critical infrastructure. Their goal is often to gradually gain control of complex environments. 
Initial access is gained through compromised identities, phishing campaigns, vulnerabilities in externally accessible services, or misused service provider accounts. Especially in highly interconnected organizations, even a single set of compromised credentials is enough to enable initial movement within the infrastructure.   <\/p>\n\n<p class=\"wp-block-paragraph\">After the initial breach, the actual operational phase begins. Attackers map network structures, examine trust relationships, search for privileged accounts, and move laterally between different system segments. Particularly dangerous are legacy environments in which old systems, new cloud services, and external interfaces are interconnected without access being consistently segmented or monitored.  <\/p>\n\n<p class=\"wp-block-paragraph\">From a technical standpoint, many groups deliberately rely on \u201cliving off the land\u201d techniques. Instead of conspicuous malware, they use existing administrator tools such as PowerShell, WMI, PsExec, or legitimate remote maintenance mechanisms. In cloud environments, compromised API tokens and misused identities are added to the mix. As a result, many activities initially appear to be normal administrative processes. Only by correlating multiple weak signals can one determine that an attack is unfolding.    <\/p>\n\n<p class=\"wp-block-paragraph\">In KRITIS environments, this poses a particular risk. While attackers establish persistence, expand their privileges, and prepare data for future extortion or sabotage scenarios, day-to-day operations initially appear to remain stable. It is precisely this phase that is critical for cyber defense: Anyone who only notices the attack once encryption has occurred or a system has failed has already lost the most crucial part of the window of opportunity.  
<\/p>\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Banks_Need_to_Learn_from_This\"><\/span>What Banks Need to Learn from This<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<p class=\"wp-block-paragraph\">Banks and insurance companies also have complex infrastructures that have evolved over time. Core banking systems, cloud integrations, and external interfaces pose risks similar to those in the healthcare sector.<\/p>\n\n<p class=\"wp-block-paragraph\">The most important lesson is this: Cybersecurity must not be viewed in isolation.<\/p>\n\n<p class=\"wp-block-paragraph\">The ability to continuously detect and contain attacks and ensure operational resilience will be crucial.<\/p>\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Segmentation_and_Zero_Trust_as_Core_Principles\"><\/span>Segmentation and Zero Trust as Core Principles<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<p class=\"wp-block-paragraph\">Network segmentation is a key factor in the success of modern cyber defense. KRITIS organizations must consistently isolate critical systems from one another.<\/p>\n\n<p class=\"wp-block-paragraph\">This includes, among other things:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>separation of critical core systems<\/li>\n\n\n\n<li>isolated administrative areas<\/li>\n\n\n\n<li>privileged access<\/li>\n\n\n\n<li>restrictive east-west communication<\/li>\n\n\n\n<li>microsegmentation<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">This approach is complemented by Zero Trust.<\/p>\n\n<p class=\"wp-block-paragraph\">The basic principle: No access is automatically trusted. Every identity, every device, and every connection must be continuously verified.
<\/p>\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_Resilience_Is_Becoming_More_Important_Than_Prevention_Alone\"><\/span>Why Resilience Is Becoming More Important Than Prevention Alone<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<p class=\"wp-block-paragraph\">The reality of modern cyberattacks shows that complete prevention is unrealistic. That is why the focus is increasingly shifting to resilience. Companies must assume that individual systems can be compromised.<\/p>\n\n<p class=\"wp-block-paragraph\">The key questions are:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>How quickly is an attack detected?<\/li>\n\n\n\n<li>How far can it spread?<\/li>\n\n\n\n<li>How quickly can critical processes be restored?<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">To achieve this, organizations need robust incident response plans, tested recovery processes, isolated backups, clear lines of responsibility, and regular drills.<\/p>\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"The_Role_of_MDR_and_Continuous_Detection\"><\/span>The Role of MDR and Continuous Detection<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<p class=\"wp-block-paragraph\">KRITIS environments require constant visibility. As a result, 24\/7 detection and threat hunting are becoming essential components of modern cyber defense.
<\/p>\n\n<p class=\"wp-block-paragraph\">MDR approaches enable centralized telemetry analysis, attack correlation, early detection, rapid escalation, and coordinated incident response.<\/p>\n\n<p class=\"wp-block-paragraph\">This results in a significant improvement in security, particularly in complex infrastructures.<\/p>\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"KRITIS_Requires_Continuous_Cyber_Defense\"><\/span>KRITIS Requires Continuous Cyber Defense<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n<p class=\"wp-block-paragraph\">The healthcare sector illustrates particularly clearly how modern cyberattacks unfold and which structural weaknesses they exploit. The challenges evident in this sector are no longer limited to hospitals. <\/p>\n\n<p class=\"wp-block-paragraph\">Banks, insurance companies, and other critical infrastructure providers must also focus their security strategies more on detection, resilience, and operational responsiveness.<\/p>\n\n<p class=\"wp-block-paragraph\">As a result, cyber defense is evolving from a technical discipline into a core strategic capability of modern organizations.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyberattacks on hospitals are a prime example of how vulnerable critical infrastructure has become. Unlike in many other industries, these attacks can have not only economic consequences but also potentially direct impacts on human lives. 
<\/p>\n","protected":false},"author":27,"featured_media":65486,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[843,81],"tags":[774],"dpc_coauthors":[817],"class_list":["post-65487","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-critis","category-techtalk","tag-cybersecurity-trends-en-2","dpc_coauthors-klaus-wunder"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/posts\/65487","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/comments?post=65487"}],"version-history":[{"count":2,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/posts\/65487\/revisions"}],"predecessor-version":[{"id":65491,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/posts\/65487\/revisions\/65491"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/media\/65486"}],"wp:attachment":[{"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/media?parent=65487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/categories?post=65487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/tags?post=65487"},{"taxonomy":"dpc_coauthors","embeddable":true,"href":"https:\/\/www.secuinfra.com\/en\/wp-json\/wp\/v2\/dpc_coauthors?post=65487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}