Trending Topics Cybersecurity – June 2024
SECURITY INSIGHTS | July 01, 2024
Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyber attacks, attack campaigns and more can be found here in a clearly arranged format.
Cyber attacks on political and public institutions are still on the rise. Shortly before the European elections at the beginning of June, the CDU was the target of a cyber attack in which, among other things, calendar data belonging to party leader Friedrich Merz was leaked.
The entry point was apparently a vulnerability in security gateways, which was also used to attack KRITIS operators. The German Federal Office for the Protection of the Constitution and the Federal Office for Information Security (BSI) speak of over 1,800 potentially vulnerable systems across Germany, provided they have not yet been patched.
There is also an urgent need to patch more than 18,000 Exchange servers in Germany. According to the BSI, at least 42% of Exchange servers with open Outlook Web Access (OWA) are still vulnerable to remote code execution, even though the authority published an initial security warning about the vulnerability three months ago.
Patching vulnerable systems as quickly as possible and additionally securing them is becoming even more important in view of the increasing significance of AI-based cyber threats. Attackers can use artificial intelligence to detect existing security vulnerabilities even faster. In this context, German security authorities at the Potsdam Conference on National Cyber Security expressed increasing concern about the influence of AI on cybercrime.
IT security trends
Security authorities warn of AI-powered cyber threats and espionage activities
At the Potsdam Conference on National Cyber Security, leading representatives of German security authorities expressed great concern about the increasing influence of artificial intelligence (AI) on cybercrime and disinformation campaigns. They also warned of a growing threat from espionage activities that are increasingly being carried out by private actors on behalf of states.
BSI: Over 18,000 Exchange servers in Germany still bear critical vulnerabilities
Three months after an initial cyber security warning, the BSI's CERT-Bund has pointed out that over 18,000 Exchange servers in Germany with publicly accessible Outlook Web Access (OWA) are still vulnerable to remote code execution. According to the BSI, only 20% of Exchange servers with active OWA are up to date with the latest patches.
eco survey: Many German companies are not yet prepared for NIS-2
From October, around 30,000 organizations in Germany will have to meet the requirements of the European cyber security directive NIS-2. However, according to a recent survey by the eco Association, only a few companies are prepared for this. According to the survey, around a third of the companies have not yet taken any preparatory measures. 40% of IT managers do not have the new legal regulation on their radar.
Lower Saxony reports all-time high for cybercrime
The number of cybercrime cases in Lower Saxony has risen by around 40% in the past five years, according to the state's latest "Cybercrime and Child Pornography Situation Report 2023". In 2023, the police registered a total of 13,218 cases, although the number of unreported cases is likely to be significantly higher. Attacks on state institutions and critical infrastructure such as insurance, healthcare and transport have increased in particular.
Cybercrime
Cyber attack on the CDU: party leader Merz's calendar data compromised
After the SPD, the CDU has also become the target of a cyber attack. Among other things, calendar data belonging to party chairman Friedrich Merz was accessed. As a precaution, the party's IT infrastructure was partially taken offline. The Federal Office for the Protection of the Constitution and the Federal Office for Information Security (BSI) are investigating.
Vulnerability in security gateways enabled attacks on KRITIS operators
A zero-day vulnerability in security gateways has apparently been used to attack KRITIS operators in the transportation and healthcare sectors. The vulnerability is also believed to have been used in the attack on the CDU. According to the Federal Office for the Protection of the Constitution and the BSI, over 1,800 systems across Germany are vulnerable if they have not been patched and do not use two-factor authentication.
DZ Bank subsidiary admits possible data leak after cyber attack
Sensitive data from tens of thousands of investors may have been stolen in an attack on DZ Bank's real estate subsidiary. According to DG Immobilien Management (DGIM), this includes address and birth data as well as investment amounts, account data, tax numbers, notifications from the tax authorities and various correspondence and verification documents. A task force is to investigate the incident.
Before Ukraine peace conference: DDoS attacks on government websites in Switzerland
Before the start of the Ukraine peace conference in Switzerland, the Swiss Federal Office for Cybersecurity reported DDoS attacks on government websites that were presumably related to the high-level meeting. The attacks led to minor outages of various websites of the federal government and organizations involved in the conference.
Hundreds of thousands of Webex meetings potentially accessible to the public
According to a report by "Zeit Online", hundreds of thousands of Webex meetings held by public authorities and companies in Germany, Austria, Switzerland and other European countries were potentially accessible to the public due to a security vulnerability that has since been closed. Affected customers, including the Federal Ministry for Digital and Transport, were apparently only inadequately informed.
Ticketmaster and Santander affected: Attackers steal data from hundreds of cloud customers
Customers of cloud provider Snowflake were the target of a wave of attacks in June. According to security researchers, around 165 companies were informed of a possible data leak, including Ticketmaster and the Spanish bank Santander. The attackers gained unauthorized access to the cloud instances using access data that infostealer malware had stolen from customers whose accounts were not additionally protected by multi-factor authentication.
Provider of remote management software confirms security incident
TeamViewer has acknowledged anomalies in its internal IT environment that appear to be the result of a cyber attack. According to the company's current state of knowledge (as of June 26), neither the product environment nor customer data is affected. Security experts suspect that the group behind the attack is APT29, also known as Cozy Bear.
Attack on pathology service provider: London hospitals have to postpone numerous operations
A ransomware attack on the laboratory service provider Synnovis has caused considerable disruption to clinical operations at several London hospitals. In total, over 1,000 appointments and operations had to be postponed. Because blood tests were delayed, the affected clinics were temporarily unable to meet their blood requirements. Since then, the attackers have also released around 400 GB of patient data.
DPD parent company admits data leak after cyber attack
The parcel service provider Geopost has become the target of a cyber attack in which attackers gained access to a database of a Spanish subsidiary. Customer data such as names, addresses, email addresses and telephone numbers were leaked. According to the DPD parent company, this was explicitly not a ransomware attack. However, the stolen data could be misused for spamming and phishing.
New phishing kit V3B targets customers of 54 European banks
Security researchers are warning of a new phishing kit that cyber criminals can use to attack bank customers for a monthly fee. According to an analysis, V3B is currently optimized for 54 European banks. In Germany, for example, customers of Commerzbank, Deutsche Bank, DKB, HypoVereinsbank, Targobank and Volksbank are at risk of having their access data stolen via V3B phishing pages.
Best Practice, Defense & Mitigation
Minister Faeser wants to strengthen digital security with new draft law
Federal Minister of the Interior Nancy Faeser wants to present a bill to strengthen digital security against cyber attacks and disinformation campaigns from countries such as China, Russia and Iran. To this end, the powers of the Federal Criminal Police Office (BKA) are to be expanded and a "Central Office for the Detection of Foreign Information Manipulation" is to be set up within the Ministry of the Interior.
LÜKEX 23 evaluation report: Need for optimization in crisis management in the event of cyber attacks
The evaluation report of the cross-state and cross-departmental crisis management exercise (LÜKEX 23) on the topic of "Cyber attacks on government action" has revealed weaknesses in crisis management. According to the Federal Office of Civil Protection and Disaster Assistance (BBK), "processes need to be strengthened and optimized". This includes better planning by the authorities, a common situational picture, permanent crisis management structures and training for the responsible personnel.
Suspected operator of one of the largest botnets in history arrested
The FBI has arrested the suspected operator of the 911 S5 botnet, which was believed to be one of the largest of its kind. The botnet, which was active between 2014 and 2022, consisted of over 20 million Windows computers in around 200 countries and was controlled by 150 command-and-control servers. The operator offered Internet access via the remote-controlled bot computers for rent. His customers had to install VPN software for this, through which their own PCs also became part of the botnet.
Things to know
What is multi-factor authentication?
Multi-factor authentication (MFA) adds an additional layer of security to the login process for online accounts. In addition to username and password, users must provide at least one additional authentication factor when logging in. This ensures that the account remains protected even if attackers have gained access to the login credentials.