Trending Topics Cybersecurity – April 2023 

SECURITY INSIGHTS | 02 May 2023

Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyber attacks, attack campaigns and more can be found here in a clearly arranged format.

In recent weeks, there has been an increase in DDoS attacks on many government websites. The German Federal Office for Information Security (BSI) even felt compelled to warn the German states about the current threat situation. Last year, the state of North Rhine-Westphalia alone recorded 28 cyber attacks on ministries, state companies, authorities and schools. The Ministry of Justice was the target of five attacks.

At the Potsdam Conference on National Cyber Security, however, the focus was on municipal IT security, as the BSI considers cyber attacks against municipalities to be much more critical than attacks against the federal government. But the fightback is forming: the EU is working flat out on the so-called Cyber Solidarity Act. The aim is to make Europe more resilient to cyber threats by building a cybersecurity reserve with emergency services.

The general trend toward more attacks on public authorities continues unabated. Recently, the "Reconstruction Ukraine" platform of the German Federal Ministry for Economic Cooperation and Development (BMZ) was attacked twice in one morning with DDoS attacks. Police authorities, health insurance companies and energy providers are also repeatedly targeted by cybercriminals. This is confirmed by evaluations of Myra Security's mitigation data for the first quarter of 2023. The number of malicious requests to websites, online portals and APIs that were defended against was on a par with the previous quarter. Here, too, it became apparent that government agencies are the primary focus of attackers.

The top IT security topics in April

IT Security Trends

BSI classifies cyber attacks on municipalities as more dangerous than attacks against the federal government

At the Potsdam Conference for National Cyber Security, the focus was on municipal IT security. The BSI stated that cyber attacks against municipalities are much more critical than those against the federal government. Together with the Federal Criminal Police Office, the BSI is therefore calling for more competencies vis-à-vis the states.

IT security detention: solar and wind power plants are popular targets for cybercriminals

Germany is pushing ahead with the expansion of wind power and photovoltaic plants to achieve the climate targets it has set itself. Unfortunately, cybercriminals achieve their goals in the energy sector all too easily. According to security researchers, the reason is that the energy sector does not keep up with patching known vulnerabilities.

Cybercrime

North Rhine-Westphalia counted 28 cyber attacks against ministries, state enterprises and authorities

Recently, there has been an increase in nationwide DDoS attacks on many official websites. The BSI then warned the German states of the danger. Last year, North Rhine-Westphalia alone recorded 28 cyber attacks on ministries, state enterprises, authorities and schools. The Ministry of Justice was the target of five attacks.

Customer data of bicycle leasing provider surfaced on the darknet

Due to a data leak, not only the data of affiliated companies but also that of end customers of the bicycle leasing provider Jobrad ended up on the darknet. In addition to master data and contract data of the end customers, the access data of company contacts and bank data of employers were also affected by the data theft, according to Jobrad.

Attack on IT service provider disrupts operations of numerous health insurance companies

For security reasons, Bitmarck had to shut down its systems and disconnect them from the Internet. This led to disruptions and restrictions at connected statutory health insurers. However, no customer or policyholder data was leaked.

Biotech company takes IT systems offline as a precaution after cyber attack

To protect itself from data breaches and data corruption, biotech company Evotec proactively shut down all IT systems after a cyber attack. Forensic investigations are currently underway with external experts to clarify the extent of the damage and potential impact on the company's IT.

Disturbed processes at Berlin police department due to bombardment with mass emails

The Berlin police department's Internet watchdog recently had to contend with a flood of emails. Despite the heavy load, the station was still accessible online without any loss of quality, according to police reports. In the meantime, the cybercrime department of the State Criminal Police Office is investigating computer sabotage.

Around 300 restaurants in the U.K. temporarily closed due to cyber attack

An attack on the foodservice group Yum! Brands had an impact on the associated fast food chains KFC, Pizza Hut and Taco Bell: Due to the incident, around 300 restaurants in the U.K. were closed for a day. The attackers gained access to employees' personal data such as names and driver's license numbers.

Series of DDoS attacks on state websites spreads to Schleswig-Holstein

Following websites in Mecklenburg-Vorpommern and Saxony-Anhalt, the Schleswig-Holstein state portal was recently the target of a DDoS attack. The schleswig-holstein.de website was temporarily unavailable, and the Leibniz Information Center for Economics (ZBW) in Kiel was also affected.

Health insurance company unavailable for days after cyber attack

Around 513,000 policyholders were recently affected by the cyber attack on the health insurance company "BIG direkt gesund". Since the systems had to be shut down after the suspected attack, policyholders were unable to reach the direct insurance company for days. However, as far as is known to date, no data was leaked.

Considerable restrictions at transport companies after cyber attack

Hanover's public transport company had to deal with the consequences of a cyber attack: in addition to the electronic display boards at bus stops being offline for days, ticket sales and the telephone and email systems were also affected. An Üstra spokesperson explained that all computer systems had to be shut down.

Cyber criminals attack European aviation authority

The website of the EU authority Eurocontrol, which monitors and optimizes European airspace for air traffic, was temporarily paralyzed by means of a massive DDoS attack. According to the authorities, air traffic itself was not affected at any time.

Best Practice, Defense & Mitigation

EU plans Cyber Solidarity Act to improve cyber incident response capabilities

The new law includes the establishment of a cybersecurity reserve with emergency services. The EU Commission wants to use it to make Europe more resilient to threats from the Internet. The budget for this project is €1.1 billion.

International investigations against criminal data sales platform successful

Spying on data, data theft and money laundering: this list of "offenses in online trading" was the reason for investigations against the criminal sales platform "Genesis Market". The Federal Criminal Police Office (BKA) and the Frankfurt General Prosecutor's Office initiated searches in all 16 German states against a total of 58 defendants residing in Germany. The platform had previously been seized and shut down by US authorities.

Seized: servers of German DDoS provider shut down

DDoS attacks on several companies in Baden-Württemberg and Hesse, as well as on the Hesse police, have been carried out via FlyingHost since mid-2021. The Hesse State Criminal Police Office has now seized servers. Five suspects between the ages of 16 and 24 are accused of offering their attack services on the darknet.

Things to know

DDoS threat situation remains critical: authorities increasingly under fire

Analysis of mitigation data from Myra's Security Operations Center (SOC) for the first quarter of 2023 has revealed that the DDoS threat level for web applications, online portals and APIs remains high. Government agencies in particular are the focus of attackers.

New DDoS attack vector: SLP vulnerability enables amplification attacks with a factor of 2,200

As a result of a vulnerability in the Service Location Protocol (SLP), new DDoS attacks are looming. Using vulnerable SLP instances as reflectors, criminals can amplify their attacks by a factor of up to 2,200. Myra customers are also protected against this new attack vector.
