Trending Topics Cybersecurity – July 2024

SECURITY INSIGHTS | August 01, 2024

Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyber attacks, attack campaigns and more can be found here in a clearly arranged format.

On July 19, 2024, the world experienced a massive IT outage when a faulty update from IT security provider Crowdstrike crashed millions of Windows systems. The incident had a far-reaching impact on companies and organizations worldwide, including airports, banks, healthcare facilities and government institutions.

The Crowdstrike incident clearly shows how important it is to implement redundant processes in the IT infrastructure to ensure business continuity. There must be no single point of failure, especially in the critical infrastructure environment. Companies should therefore make sure that their systems continue to work even in the event of a failure. This can be achieved by implementing backup systems, redundant networks and diversified security solutions.

NIS-2 gains momentum in Germany

NIS-2 aims to reduce the impact of cyber incidents such as the Crowdstrike outage and make companies in Europe more resilient overall. In Germany, the implementation of the directive has now progressed further with the agreement of the Federal Cabinet on the draft for the NIS-2 Implementation and Cybersecurity Strengthening Act (NIS2UmsuCG). The NIS2UmsuCG must now complete the parliamentary procedure to enter into force. However, it is no longer expected to be implemented on time by mid-October.

Nevertheless, affected organizations in Germany should make every effort to implement the NIS-2 requirements. The Federal Office for Information Security (BSI) has launched a new information portal specifically for this purpose, which also includes an impact checker. Companies in Germany can use the tool to carry out an initial assessment and find out whether they have to implement the NIS-2 requirements.

The Top IT Security Topics in July:

IT security trends

Europol reports increase in cybercrime: AI is often used as a weapon

According to a recent analysis by the European police authority, SMEs are increasingly being targeted by cyber criminals. Compared to larger organizations, their cybersecurity measures are usually less developed. The authorities are alarmed by the increasing use of artificial intelligence, for example to forge audio and video recordings as deepfakes for targeted phishing attacks.

Three years after cyberdisaster in Anhalt-Bitterfeld: threat situation remains critical

While the district of Anhalt-Bitterfeld is now well protected against further attacks, many other districts and municipalities still have some catching up to do. “Larger municipalities and districts in particular are well positioned, while the vast majority are poor to very poor”, according to the Saxony-Anhalt Ministry of Digital Affairs. Cybersecurity must become a top priority, especially as public administrations remain the focus of attackers.

Global IT outages: BSI calls for analysis and improvements

Massive problems caused by a faulty update of Crowdstrike's Falcon Sensor software have led to outages worldwide and disabled around 8.5 million Windows computers. Germany's Federal Office for Information Security (BSI) now wants to take stronger measures to prevent a repeat of such a scenario. To this end, the BSI wants to conduct a technical analysis of the incident with Crowdstrike and Microsoft and discuss how to proceed. Crowdstrike also has to answer to authorities in other countries. For example, Crowdstrike's CEO has been called by the US Congress to testify about the incident.

Dealing with cyberattacks: ECB sees need for banks to improve

In a large-scale cyber stress test, the European Central Bank (ECB) examined 109 supervised institutions in Europe, including 28 banks as part of an intensive test. "Overall, the stress test showed that banks have response and recovery frameworks in place, but that there is room for improvement in some areas," the ECB said. The stress test simulated a severe attack on the core banking system. The purpose of the test was to assess the ability of banks to respond to an attack and to analyze their ability to recover from such an event.

Cybercriminals exploit Crowdstrike breakdowns

Cybercriminals are taking advantage of the confusion caused by the global outages following the faulty Crowdstrike update to spread malware. In phishing mails, the malware is disguised as a recovery tool for Windows systems, but contains malicious code designed to steal user data.

After a serious cyberattack in October 2023: Südwestfalen IT goes back online

About nine months ago, a cyberattack crippled the systems of the municipal service provider Südwestfalen IT (SIT), disrupting critical business processes for some 70 municipalities and 1.7 million residents. Most services are now available again, and recovery is expected to be complete by September 30.

Cybercrime

India's largest crypto exchange hacked: $235 million stolen

Cybercriminals have managed to steal digital assets worth around $235 million from the Indian crypto exchange WazirX. The attackers are said to have stolen about half of the exchange's total assets.

Data breach: AT&T informs 110 million customers about incident

US telecommunications company AT&T has admitted to a massive data breach in which customer data from nearly all AT&T cell phone customers, including phone and text message records, was illegally downloaded from a workstation to a third-party cloud platform. The compromised information includes metadata such as phone numbers, call frequency and duration, and cell site identification numbers that can pinpoint a cell phone user's location.

Cyberattack on Frankfurt University of Applied Sciences

The Frankfurt University of Applied Sciences (UAS) has been the target of a significant cyberattack. Attackers gained unauthorized access to certain parts of the IT infrastructure. As a precautionary security measure, external access to the IT systems was promptly blocked. Digital communication channels and the website were also shut down as a result of the attack, and elevators in the university buildings were temporarily disabled. It was not until eleven days later that "essential systems" could be restarted.

Leverkusen Economic Development Agency's email system hacked

Attackers gained access to the email system of the Leverkusen Economic Development Agency (WfL) and sent fake messages from the compromised account of an employee. The aim of the phishing mails with the subject line "Required action - important document" is to steal access data. The WfL urges those affected to delete such messages without opening them.

Fujitsu network infiltrated by attackers

A cyberattack has infected 49 internal Fujitsu systems with malware that spread from a single business PC. Fujitsu is investigating the potential impact on customer data, as some information may have been taken, while external systems and cloud services are not affected.

Best Practice, Defense & Mitigation

Bavarian Cybercrime Unit expands cooperation with Interpol

The specialists of Bavaria's Central Cybercrime Unit will work even more closely with the international police organization Interpol in the future. Bavaria's Justice Minister Georg Eisenreich (CSU) and Interpol Secretary General Jürgen Stock signed a cooperation agreement in Munich in mid-July. One of the goals is to combat cross-border cybercrime.

German NIS-2 Implementation and Cybersecurity Strengthening Act picks up speed

The German Federal Cabinet has agreed on the draft for the NIS-2 Implementation and Cybersecurity Strengthening Act (NIS2UmsuCG). It contains extensive new regulations for the cybersecurity of critical infrastructure and greatly expands the group of affected companies. The law must now pass through the parliamentary process before final implementation – experts doubt whether this will be possible by the October 18 deadline.

Facebook takes action against sextortion network

Facebook’s parent company Meta has deleted 63,000 Instagram accounts in Nigeria that were involved in sextortion blackmail. This included a network of 2,500 accounts operated by 20 people, mainly targeting adult men in the US. Meta also removed 1,300 Facebook accounts, 200 Facebook pages and 5,700 Facebook groups that provided training materials on how to conduct various scams.

NIS-2: BSI publishes impact assessment tool

The German Federal Office for Information Security (BSI) is publishing an NIS-2 information portal with FAQs and an impact assessment tool just in time for the Federal Cabinet's approval. Companies can make an initial assessment of NIS-2 using this questionnaire.

EU supports cybersecurity and digital skills with over 210 million euros

The EU Commission has published a call for funding worth over 210 million euros for projects to strengthen cybersecurity. 35 million euros each are earmarked for the protection of large industrial facilities and critical infrastructure as well as for the use of “state-of-the-art technologies and tools for cybersecurity”. 55 million euros are to flow into educational programs to promote digital skills.

Things to know

Dennis-Kenji Kipker joins the Myra Advisory Board

Myra Security is expanding its Advisory Board to include the renowned IT law expert Prof. Dr. Dennis-Kenji Kipker, Research Director of the cyberintelligence.institute and Professor of IT Security Law at Bremen University of Applied Sciences. In future, Kipker will advise Myra in the areas of cybersecurity law, corporate strategy and digital resilience.
