Global cyberwar: Endpoints serve as gateways for hackers

  • NATO partners register “increased aggressive scanning activity” for vulnerabilities  
  • Routers, smart machines, manufacturing, and all networked assets make it easier for hackers to gain access  
  • IoT Inspector offers free security checks for critical infrastructures 

Dusseldorf, Germany, March 1, 2022 – The German Federal Office for Information Security (BSI) sent out its third warning letter to local companies and government agencies last week to warn of massive cyberattacks in the wake of the war in Ukraine. “Within a few days, the emergency of a war in Europe has become reality. Any IT infrastructure now requires special protection against hacking attacks, and alerts must be at the highest level. Critical infrastructure is especially at risk,” warns Jan Wendenburg, CEO of IoT Inspector. His team has developed the largest European platform for automated security checks of firmware on the Internet of Things. The scans detected by NATO, which point to hackers, include every gateway into an infrastructure to harm businesses, government agencies and institutions. Network building blocks such as routers, IP cameras, IP phones, system controllers, industrial production equipment, and smart buildings often serve as entry points.

Critical infrastructures particularly affected – IoT Inspector offers free security checks

IoT Inspector’s automated process allows for automated device firmware checks within minutes. Following warnings from the BSI and other international security authorities, IoT Inspector offers critical infrastructures a free security check to identify potentially dangerous IoT endpoints in just a few minutes. This allows for quick decision-making on whether to update or disconnect the devices from the network. Infrastructure operators can contact IoT Inspector directly to take advantage of this first aid quickly and without red tape.

Device manufacturers are also encouraged to close security gaps and fix them via firmware updates. Tests conducted in IoT Inspector’s lab found dangerous potential for successful hacking attacks in nearly every device. The danger here is greater than ever: the day before the Russian invasion of Ukraine, numerous distributed denial of service attacks, or DDoS, were recorded against Ukrainian critical infrastructure. As with previous DDoS attacks, so-called wipers were also found on Ukrainian computers. These programs are designed to delete data and render computers unusable – a typical weapon in cyberwar.

Scanning activity must be taken seriously

The aggressive scanning activity increasingly detected in networks around the globe in recent days is seen by the BSI as possible preparatory actions for later attacks. “The activities must be taken very seriously, and measures to counter them must be taken as quickly as possible,” says Jan Wendenburg of IoT Inspector. According to the BSI, however, collateral damage outside of Ukraine could not be ruled out, and the agency considered possible scenarios to include computer worms such as WannaCry and NotPetya, or targeted attacks on supply chains to attack basic services as well as energy, water, and medical facilities. A quick response is therefore necessary, according to IT experts at BSI and IoT Inspector. The faster risks are checked, the faster dangerous security gaps can be closed by manufacturers, IT departments and authorities.


ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.



Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150