Visit us at it-sa 2024!

GetyourfreeticketGetyourfreeticket

Trending Topics Cybersecurity – January 2023 

SECURITY INSIGHTS | 1 February 2023

Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyber attacks, attack campaigns and more can be found here in a clearly arranged format.

Myra Security Trending Topics Key Visual

Cyber attacks have a serious impact on companies' sales and operations – this is widely known. A Hiscox analysis from 2021 even found that every sixth company affected by cyber attacks had its existence threatened by the attacks.

For e-commerce companies in particular, the consequences of digital attacks can be dramatic. But other sectors are not immune to massive consequences either. For example, a cyber attack is said to have played a significant role in the recent insolvency of Prophete, a bicycle and e-bike manufacturer based in Rheda-Wiedenbrück, Germany. Due to the attack, manufacturing operations had to be shut down for several weeks.

Meanwhile, Allianz underlines how acute the cyber threat situation is for companies. In the latest Allianz Risk Barometer, cyber incidents continue to be listed as the biggest business risk for companies worldwide. The German financial supervisory authority also sends the same signal: as last year, cyber attacks are listed in BaFin's current focus risks. The increasing digitalization of the financial industry is attracting more attackers who are after virtual assets and data.

This and other important news, developments and insights from IT security can be found in the following compact overview.

The top IT security topics in January

IT-Security-Trends

Cyber incidents and business interruptions are the biggest business risks globally in 2023

This is according to the latest Allianz Risk Barometer. "For many businesses, the threat of cyber attacks remains greater than ever, and cyber insurance claims remain at a high level," comments Shanil Williams, AGCS board member, on the survey's findings.

Learn more

Executives are particularly vulnerable to phishing attacks

Three times more often than employees, decision-makers are victims of phishing attacks. This is confirmed by Ivanti's "State of Security Preparedness 2023" study. In 2022, two out of three CXOs are said to have been the target of such attacks. Around one-third of all executives have already fallen victim to phishing attacks in the past.

Learn more

Risks in the focus of Bafin 2023: Increase in cyber attacks with serious impact

The German Federal Financial Supervisory Authority (BaFin) classifies cyber attacks as one of the greatest risks for the financial sector. Digital monetary assets and sensitive data are attractive assets for cybercriminals. The threat from external attacks is therefore still considered to be extremely high.

Learn more

Cybercrime

DDoS attack campaign on German authorities, airports and banks

A coordinated wave of DDoS attacks caused outages on the websites of German authorities, airports and banks at the end of January. It is seen as a reaction to Germany's decision to supply tanks to Ukraine. The Killnet group is said to have claimed responsibility for the attacks via Telegram.

Learn more

Public administration in Potsdam still offline

After a serious cyber attack at the end of December 2022, the Potsdam city administration had taken its IT systems offline as a precaution. Less than a month later, the reboot into regular operation had to be aborted after just one day. It could not be ruled out that professional criminals would try to access data, said Mayor Mike Schubert (SPD) about the cyber incident.

Learn more

Around 1,000 ships affected by cyber-havoc on fleet management system

A ransomware attack on the ship fleet management software Shipmanager has crippled the IT infrastructure behind it. Around 70 customers or 1,000 ships are affected – they now have to operate offline.

Learn more

Credential Stuffing: attack on PayPal

Via credential stuffing attacks performed by automated bots, cybercriminals have managed to hijack around 35,000 PayPal accounts and access the information stored there. This includes names, dates of birth, mailing addresses, social security numbers, tax numbers, transaction history, details of connected credit or debit cards, and billing information. However, the attackers are said not to have transferred any funds.

Learn more

DDoS attack wave on Danish banks and financial service providers

Several of Denmark's largest and most important banks and financial service providers have fallen victim to an orchestrated wave of DDoS attacks. The group "NoName057(16)" is said to be behind the attacks. The attacks were announced under their name on the Telegram platform.

Learn more

E-bike manufacturer Prophete: Cyber attack drove company into insolvency

A cyber attack is said to have played a significant role in the insolvency of Prophete, a bicycle and e-bike manufacturer based in Rheda-Wiedenbrück, Germany. The attack resulted in a business outage that lasted several weeks.

Learn more

2022 broke all records: DDoS attacks on Russian ISP

As Russian Internet Service Provider (ISP) Rostelecom reveals in a recent report, the cyber threat situation has become extremely severe over the past year. In total, more than 500,000 DDoS attacks were identified. The most powerful attack, at 760 Gbps, was twice as strong as the strongest attack of the previous year. The longest attack lasted almost three months.

Learn more

Cyber attack paralyzes IT of TU Freiberg

Cyber criminals have managed to penetrate the systems of the TU Freiberg in Saxony. As a precautionary measure, the university's computer center was taken offline for this reason. Rector Klaus-Dieter Barbknecht explained in an interview with MDR that no data was leaked as a result of the intrusion attack.

Learn more

Lockbit extorts port administration in Lisbon

US$1.5 million ransom is being demanded by the Lockbit ransomware group from the Lisbon port administration for the release of data. Among the data affected by the malware are said to be financial reports, contracts, cargo information, ship logs, crew details, customer information, email correspondence, and much more.

Learn more

Best Practice, Defense & Mitigation

Security researchers hijack cars from numerous manufacturers

Unlocking, driving away, tapping personal data or taking over customer accounts: Security researchers have succeeded in launching these and other attacks via security holes in the APIs of numerous car manufacturers. Vehicles from Mercedes-Benz, Ferrari, BMW, Toyota and Porsche are said to be affected by faulty interfaces.

Learn more

Authorities' smash ransomware group Hive

In international cooperation, law enforcement agencies from Germany, the Netherlands, the U.S. and other countries have managed to take control of the Hive ransomware network. For this purpose, numerous servers were seized and various data and accounts of the network and its users were secured.

Learn more

German federal ministries lack IT security specialists

IT security specialists are in high demand on the job market. This is also reflected in the sluggish recruitment of IT security specialists by the federal ministries. According to a federal government response to a parliamentary question from the Left Party, one in five positions for IT security specialists is unfilled at the federal level.

Learn more

Things to know

Cyber threat ChatGPT?

ChatGPT – a machine-learning-based natural language processing application – is increasingly attracting interest from cybersecurity professionals. They say there is concern that the software could be misused by attackers for phishing attacks and other frauds.

Learn more

What is Whaling?

Whaling is a variant of (spear) phishing that targets C-level management. By means of elaborately forged emails, attackers try to persuade their victim to hand over valuable confidential data or transfer large sums of money.

Learn more

Related articles