Comparison of established and recent attack vectors

The following table compares the similarity of the problems with regard to the objective, effect, cause and tools used by the attacker / actor. The reader interprets the table from the bottom up.

Measure towards digital security

Measure towards self-determined ability to act



Financial incentives made possible by

  • Competing companies / organizations - Disruption of IT-sensitive workflows

  • Extortion - Interruption of access to the database in plain text

Safeguarding power

See Chapter 5.1 - Objectives and intentions of actors in chapters - Regime-oriented countries, terrorist groups and populism.

Affecting the ability to function


Short to medium time frame

  • An extension of the technical restriction continues beyond organizational or corporate boundaries by delaying the attacker from taking immediate effect of the malicious software on the initially infected end device.

  • A further spread is carried out via the means of interaction or collaboration of the user whose end device had become the target of a successful attack. An indirect attack becomes possible by carrying out a renewed and automated transmission of the e-mail with defective attachment to the contacts stored in the digital address book. Subsequent recipients consider the content of the message to be relevant as the origin of the message (sender's address) is considered valid.

Beyond a longer time frame

  • Societal problems to which there is no conventional method of resolution are perceived as an inability of the political leadership.

  • New trend subjects are established at regular intervals, which are in the focus of the media and press landscape over an extended period of time.

  • A well-functioning media landscape constitutes a fundamental instrument of any democratic society.

  • External forces with great experience in the field of propaganda indicate the effect of proven falsified information.

  • Similarly minded inner forces take up the methods and strengthen the effect by spreading false information with a stronger regional focus.


Immediate time frame

  • The functional integrity of a digital device or component of a digital infrastructure is compromised immediately after infection.

  • Depending on the digital component on which the malware is executed, the effect is limited to a single machine. If one machine provides services for other machines, the overall workflow will be interrupted.

Immediate time frame

  • Specific influence on the participants' ability to draw self-determined conclusions. The user usually consumes content in digital environments only superficially and does not deal with the statement contained in the content in detail.

  • The individual's conception of values and opinions is influenced by extreme statements or subconsciously perceived noises.

  • The average user is often not aware of this situation because content is considered in terms of its own social structure - the social-spatial character (family, peer group, milieu, subgroup), which represent a shared set of opinions and moral values.


Enhancing the effect through interaction

Faulty behaviour - triggered by interaction

  • by untrained employees within an organization in dealing with data received from untrusted sources.

Faulty behaviour - triggered by interaction

  • by people whose perception of opinion has been deliberately manipulated in advance - see Chapter 21.7.2 - Ambivalence of the media in the subchapters Simplification / Personalisation, Passivity, Apparent Worlds as well as the targeted thematisation

Entering the user's field of vision

Authentic and critical content is consumed by the user in parallel. The provider of an electronic mailbox classifies the inbound message stream - inbox / spam. The classification is done by measuring the number of transmissions of an identical message to other mailboxes (scattering) or by using the pattern of word order contained in a message. Despite an active procedure, the classification is not 100% reliable.

The operator of a social media application determines the composition of the content contained in the news or content stream. The user consumes authentic and critical content in parallel. Due to the typical user behavior of consuming multiple items of content in a very short period of time, the user no longer deals in detail with the message embedded in a piece of content.


Method of distribution

The distribution or dispersion of a compromised date is carried out by means of a primary technology used for digital communication.

Everyone who uses the Internet has an electronic mailbox.

The viral distribution model used in social media applications is ideally suited for the controlled and targeted distribution or spreading of (critical) content.

The vast majority of Internet users are using social media applications on a daily basis to participate in the digitally mapped social fabric.


The integrity of a data gets compromised.

Malicious software is injected into the operating system through an interaction of the user with the carrier.

The most suitable carrier is for instance the attachment to an e-mail.

Fake sender addresses and contents in the subject line of an e-mail pretend to be important information for the user.

This attack vector is similar to that of a Trojan horse and has been used to spread spyware and ransomware since the inception of this form of communication.

Hidden or extreme messages are embedded in posts that are communicated in the content or message stream of social media applications.