Trending Topics Cybersecurity – February 2025

While leading figures from the worlds of politics, business and defense were discussing global threats at the Munich Security Conference, Bavaria itself became the target of a coordinated cyber attack. The cyber group NoName057(16) claimed responsibility for an extensive DDoS attack that targeted numerous Bavarian authorities and organizations. The extent of the attack was significantly greater than initially assumed and affected not only the Bavarian state government and police, but also the Federal Fiscal Court, the district of Upper Bavaria and several municipalities in the Munich area.

According to the European cybersecurity agency ENISA, NoName057(16) is by far the most active player in the field of hacktivism – the agency recorded more than 3,600 attacks on organizations in the EU in recent months alone. About one in ten attacks by the group was directed against German targets.

US administration undermines legal basis for EU-US data transfers

The attacks come at a time of increasing transatlantic tensions. In a recently published White House memorandum on “Defending American Companies Against Foreign Extortion and Unfair Penalties,” the US government threatens retaliatory measures against European digital taxes and regulations.

In January, the Trump administration had already called on the Democratic members of the Privacy and Civil Liberties Oversight Board (PCLOB) to resign. The PCLOB is a key body for monitoring US data protection practices and thus plays a central role in the EU-US Data Privacy Framework for regulating legally secure data transfers. Weakening the PCLOB thus weakens the EU adequacy decision for data transfers to the US and has a negative impact on the legal certainty of using American cloud solutions in compliance with the GDPR. The new memorandum increases the pressure on European companies to have an alternative to US providers in place for emergencies.

The Top IT Security Topics in February

The cost of cyber attacks is increasing, demand for insurance is growing

The study “Cyber Insurance and Security: Meeting the Rising Threat” by KnowBe4 shows that the average cost of a data breach will have risen to $4.88 million by 2024. 75% of data breaches can be traced back to the human factor, with phishing and social engineering being the most common methods of attack. Meanwhile, insurers are increasingly demanding strict security measures from companies in order to grant premiums and coverage. SMEs are particularly affected by cyber attacks, as they often suffer serious financial consequences despite lower average costs.

OpenAI blocks ChatGPT accounts of cyber actors

OpenAI has suspended several ChatGPT accounts that were used by cyber groups to research future attack targets and develop methods of infiltrating networks. The manufacturer has linked the suspended accounts to well-known cyber actors known for their involvement in state-backed cyber attacks. The attackers also used ChatGPT to phish for cryptocurrencies, for programming tools and to develop attack tools.

OT device vulnerabilities endanger national security

More than one in ten operational technology (OT) devices in manufacturing, transportation, and logistics have known vulnerabilities exploited, according to new research from cybersecurity professionals. These vulnerabilities allow attackers to infiltrate critical networks and can result in physical damage and public safety impacts. State-backed actors are increasingly using these vulnerabilities to attack Western infrastructure.

Data protection authorities are checking DeepSeek for GDPR compliance

Seven German state data protection authorities have initiated proceedings against the AI startup DeepSeek to verify whether the company is complying with the requirements of the General Data Protection Regulation (GDPR), in particular the requirement to appoint an EU representative. The proceedings began on February 14, 2025 and also address concerns about the storage of user data and the possible manipulation of the app for criminal purposes. Similar concerns have been raised worldwide, leading to usage bans in several countries.

Thuringia registered over two million cyber attacks on the state administration in 2024

In Thuringia, there were around 2.1 million attacks on the state data network last year. This was reported by the German Press Agency, citing figures from the Ministry of Digital Affairs. According to these figures, seven attacks were directly targeted at individual systems of the state administration. In addition, 132 cases of overload attacks and more than 40,000 malicious e-mails were counted.

Federal government cuts IT security jobs

The federal government, which has since been voted out of office, eliminated more IT security positions in 2024 than it created in the same period. This is according to the answer to a parliamentary question. According to this, a total of 155 jobs were cut across all federal ministries. In the Federal Ministry of the Interior alone, which also oversees the Federal Office for Information Security (BSI), 344 IT security jobs were cut, while 163 new jobs were added in the Ministry of Defense.

DDoS attack on Bavarian state government and police

Before the start of the Munich Security Conference, the Bavarian state government was the target of a suspected pro-Russian cyber attack. The DDoS (Distributed Denial-of-Service) attack meant that the websites of the state chancellery and the digital ministry, as well as the Bavarian police website, were temporarily unavailable.

Wave of attacks on Italian websites

In February, a wave of DDoS attacks on Italian targets took place in the name of the pro-Russian cyber group NoName057(16). Among others, the airports of Linate and Malpensa, the transport authority, the bank Intesa San Paolo and the ports of Taranto and Trieste were affected. The attacks were a response to statements made by Italian President Sergio Mattarella, who had compared Russia's actions in Ukraine with those of the Third Reich.

$1.5 billion stolen from crypto exchange Bybit

Cybercriminals have managed to steal $1.5 billion in cryptocurrencies from the Dubai-based digital exchange Bybit. During the attack, Bybit executives were tricked into a routine transaction that diverted 401,000 units of Ethereum to an unknown address. Investigations by IT forensic experts suggest that the North Korean Lazarus group was behind the robbery.

Cyber attack on the University of the Federal Armed Forces

Cybercriminals have attacked the University of the Federal Armed Forces in Neubiberg near Munich, intercepting sensitive data in the process. The stolen information includes names, passwords, email addresses, and private contact details, among other things. The attack was discovered on January 23, 2025, and work is ongoing to analyze and mitigate the effects while the investigation into the perpetrators continues.

Eckert & Ziegler: cyberattack on medical technology company

Berlin-based medical technology group Eckert & Ziegler was the victim of a cyber attack that affected parts of its IT systems. The affected systems were proactively shut down and disconnected from the internet to minimize potential damage, while production remains largely unaffected. Eckert & Ziegler is one of the largest manufacturers of radioactive components for medical, scientific and metrological purposes.

Cyberattack on LUP clinics: patient data stolen

Following a cyberattack on the LUP clinics in Mecklenburg-Western Pomerania, there are indications that patient data has been stolen. The attack may have compromised sensitive information about patients, raising significant privacy concerns. The affected facilities are working to investigate the incident and restore the systems.

Ransomware group Black Basta on the verge of collapse

The ransomware group Black Basta, responsible for over 500 cyberattacks, is reportedly on the verge of disbanding due to internal disputes. A leaked chat history provides insights into the group's modus operandi, which has been largely inactive since early 2025 after key members defected to other cyber actors and internal conflicts escalated.

Hamburg and BSI strengthen cooperation in cybersecurity

The Free and Hanseatic City of Hamburg and the German Federal Office for Information Security (BSI) have signed a cooperation agreement to strengthen cybersecurity. This cooperation covers eight fields of action, including regular information sharing, awareness-raising measures for city employees and test attacks to identify vulnerabilities. The aim is to increase resilience to cyber attacks and better protect Hamburg's digital infrastructure.

EU action plan to protect healthcare against cyber attacks

The EU Commission has presented an action plan to better protect healthcare against cyber attacks. The plan is a response to the increasing threat of ransomware attacks, which are particularly common in the healthcare sector and often have a significant impact on patient care. The action plan includes measures to better prevent, detect, and respond to cyberattacks, as well as the establishment of a European cybersecurity support center for healthcare.

Cybercriminals claim responsibility for attacks

The cyber group NoName057(16) is apparently responsible for the cyber attacks on authorities and companies that took place in the run-up to the Munich Security Conference. Christof Klaus, Director Global Network Defense at Myra Security, explains the background to the DDoS attack wave in an interview with Bayerischer Rundfunk. The attackers' goal is to “shake citizens' trust in our structures”.

USA threatens retaliation against European digital taxes

On February 21, 2025, US President Trump signed a memorandum providing for retaliatory measures against foreign digital taxes and regulations that “discriminate against” or “disproportionately burden” American technology companies. The measures could include tariffs on European goods and are particularly aimed at the digital taxes of France, Austria, Italy, Spain and the United Kingdom. For European and German companies, this means an intensification of transatlantic tensions in the areas of trade and digital policy.

Efficient visitor management with Myra Waiting Room

With the virtual waiting line system, Myra customers can protect their servers from overload by directing visitor traffic to individual waiting pages – for an improved user experience and increased conversion rates.