Trending Topics Cybersecurity – February 2023

The top IT security topics in February

IT-Security-Trends

Job offers on the darknet: up to €20,000 for developers

Capable developers are promised high salaries in darknet forums for developing and maintaining attack software. The alleged criminal clients even entice them with paid vacation, as a recent analysis shows. Payment is usually made in cryptocurrencies.

Costs of cyber attacks: Damages in the millions burden one in three companies

A recent study by management consultants PwC found that 88 percent of the German companies surveyed had been the victim of a cyber attack in the past three years that caused at least €10,000 in damage. In 30 percent of all cases, the total amounted to more than €1 million.

Finance and insurance in DACH: Shortage of skilled workers hampers effective cyber defense

A study by the bug bounty platform YesWeHack in collaboration with the magazines CIO, CSO and Computerwoche examined how banks, financial service providers and insurers protect themselves against cyber attacks. The study participants see the greatest challenge in the topic of cyber security in the glaring shortage of skilled workers.

DoS attacks slow down Tor network

As the developers of the anonymization tool report in a blog entry, the Tor network has been slowed down by DoS attacks for seven months. At times, the attacks had affected the network to such an extent that users were no longer able to access websites. It is not known who is behind the attacks.

GDPR: Data protection enforcement to be improved

The EU Commission wants to simplify enforcement of the General Data Protection Regulation (GDPR) via a legislative initiative. This is intended to improve cooperation between national supervisory authorities in cross-border cases.

Cybercriminals use ChatGPT hype for attacks

The global interest in the machine learning solution ChatGPT is increasingly being exploited by cybercriminals. Recently, fake ChatGPT applications for Android and Windows systems containing malware increasingly appeared.

Cybercrime

Attack on Hessian city administration and municipal utilities

A cyber attack on the systems of the city of Rodgau and the municipal utilities there has led to outages of various administrative services. Due to the outages, citizen services are only available on site until further notice; the city administration and municipal utilities can only be reached by phone.

Cyber attack on IT service provider

The systems of IT service provider Adesso have been compromised as a result of a cyber attack. The attackers are also said to have managed to steal company data. Customer systems are not affected by the incident.

DDoS attacks on several hospitals in Franconia, Germany

Cyber criminals have attacked several hospitals in Franconia. During the attacks, the organizations' websites were deliberately paralyzed. Among others, the clinics in Gerolzhofen and Schwabach were affected.

Ransomware attack against pipeline company

Friedrich Vorwerk, a company specializing in the construction of gas pipelines and critical infrastructure, fell victim to a ransomware attack at the end of last year. As has now become known, the attack affected large parts of the company's IT. The costly repair of the IT infrastructure and the ERP system took around a month.

Cyber incident: FBI confirms breach in New York offices

Attackers have managed to penetrate the systems of the FBI. According to media reports, the cyber incident occurred at the FBI offices in New York City. Systems for evaluating child pornography are said to be affected. Due to ongoing investigations, the federal agency did not want to provide any further details.

Cyber attacks on NATO websites

Through a series of cyber attacks, attackers have managed to temporarily overload the websites of the NATO military alliance. Details of the attacks have not been communicated. Experts suspect that the Killnet group is behind the attacks. It is likely that the attacks were DDoS attacks.

Best Practice, Defense & Mitigation

BSI updates IT-Grundschutz compendium

The BSI standard work is now available in the new 2023 edition. According to BSI Vice President Gerhard Schabhüser, the 858-page IT-Grundschutz-Kompendium is a comprehensive tool for securing processes and projects according to the state of the art.

Finland's most wanted cybercriminal caught

Finnish Julius K., also known as Zeekill, has been caught by criminal investigators in France. The 25-year-old is accused of blackmailing an online psychotherapy practice and disseminating therapy notes of over 22,000 patients. Julius K. is considered a self-confessed member of the Lizard Squad group, which specializes in DDoS attacks.

US agency urges healthcare industry to improve DDoS defenses

After the cyber group Killnet carried out multiple attacks on the online services of US hospitals in recent weeks, the US Department of Health and Human Services is informing the healthcare industry about the current threat situation. In a concise report, the agency explains the existing threats and provides advice on effective defenses.

Things to know

Claudia Plattner becomes new BSI boss

Germany’s Federal Minister of the Interior Nancy Faeser (SPD) has appointed a new head of the BSI: Claudia Plattner, a mathematician, is to take over the post on July 1. Plattner is currently still director general of information systems at the ECB. Prior to that, the former software developer held various positions at Deutsche Bahn, where she most recently drove the modernization of IT as CIO at DB Systel.

Tools and prevention: defense against brute force attacks

In brute force attacks, cybercriminals do not exploit vulnerabilities in websites or online tools, but rather rely on the carelessness and convenience of users. Using simple or already compromised credentials, online accounts can be easily hijacked using automated brute force methods. Learn here how companies can protect their customers from such threats.