Trending Topics Cybersecurity – November 2024
SECURITY INSIGHTS | December 01, 2024
Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyber attacks, attack campaigns and more can be found here in a clearly arranged format.
Uncertainty is the goal: cyber criminals around the world are mobilizing their attack capacities to sabotage the digital infrastructures of public organizations and the private sector and cause damage. Such attacks are accompanied by mass dissemination of disinformation on social networks. Against the backdrop of geopolitical changes such as the re-election of Donald Trump as US President or the break-up of the German government, such attacks fuel fear and uncertainty among the population - which is what political cyber actors are after.
This development can also be seen in the figures and data from the new status report by the German Federal Office for Information Security (BSI). For 2024, the BSI identified a 26% increase in new malware variants to around 250,000 malware programs per day. High-volume DDoS (Distributed Denial of Service) attacks with more than 10 Gbit/s were also found to have grown immensely, accounting for an average of 13% of all DDoS attacks. Public administration institutions were particularly affected by the attacks, with one in five IT security incidents (19%) being registered in this sector.
Both nationally and internationally, the investigating authorities are taking consistent action against the growing threat posed by cyber criminals. In November, the authorities once again carried out successful operations in the fight against cyber criminals. For example, German investigative authorities shut down the criminal platform dstat[.]cc, which offered DDoS attacks as a service. Meanwhile, Interpol broke up an African cybercrime ring as part of Operation Serengeti and arrested 1,006 suspects.
IT security trends
Cyber risks in the 2025 federal election
In the context of the early German parliamentary elections, which are scheduled for mid-February 2025, there is a risk of cyberattacks on political parties, electoral authorities and other relevant parties. Christof Klaus, Director Global Network Defense at Myra Security, explains the potential cyber threats in connection with the federal elections.
BSI Situation Report 2024: Rising cyber threats and increased resilience
The BSI report on the state of IT security in Germany shows an increase in cyber threats, including a huge rise in high-volume DDoS attacks in the first half of 2024 and an increase in attacks on public cloud infrastructures. Meanwhile, 1.1 billion US dollars in ransom money was stolen worldwide through ransomware attacks. In addition, the BSI also emphasizes the progress made in strengthening cyber resilience, for example through the successful detection of botnets by the BSI using sinkholing techniques.
The 25 most dangerous software vulnerabilities
MITRE has identified the top 25 most common and most dangerous software vulnerabilities for 2024. The list is based on the analysis of over 31,000 vulnerabilities reported between June 2023 and June 2024. Led by Cross-Site Scripting, Out-of-bounds Write and SQL Injection, the list serves as a central guide for organizations to improve their software security strategies and prevent vulnerabilities across the software lifecycle.
Südwestfalen-IT takes stock one year after devastating cyber attack
One year after the serious ransomware attack on Südwestfalen-IT (SIT) at the end of October 2023, the company has drawn up a comprehensive assessment. The attack affected 72 association members, 22,000 workstations and 160 specialist processes, compromising 1,463 servers. The work to return to normal operations lasted until the end of September 2024. The additional expenses incurred as a result of the incident amounted to around 2.8 million euros for 2024.
Burnout crisis among IT security experts
A recent study shows that 57 percent of IT security professionals in Germany suffer from burnout, which is due to the increasing complexity and constant pressure in the cyber security industry. The high burnout rate not only endangers the personal health of professionals, but also poses a significant risk to the security of companies, as exhausted employees are more likely to make mistakes or overlook important threats, the study concludes.
Cybercrime
Biggest telecommunications hack in US history
The Chairman of the US Senate Select Committee on Intelligence, Mark Warner, describes the recently discovered cyber attack on the networks of major US network operators as the "largest telecommunications hack in US history". The attack, which is believed to have originated in China, enabled the attackers to eavesdrop on phone calls in real time and access sensitive data.
Another wave of DDoS attacks on Austrian organizations
In mid-November, CERT.at once again issued an urgent DDoS warning for Austrian companies and organizations. As in September for the National Council elections, geopolitical developments were the trigger for this increased cyber threat. CERT.at recommends that companies review their security measures and prepare for a possible increase in attacks.
Attack on French hospital: Health data of 750,000 patients compromised
Cyber criminals have gained access to the electronic patient record system of a French hospital and stolen the medical data of 750,000 patients. The sensitive information is now for sale, including personal data, medical records and prescriptions.
Japanese Yakuza victims' aid organization fears data leak
The Kumamoto Prefecture Violence Prevention Movement Promotion Center, a Japanese government agency that supports yakuza victims, has been the victim of a phishing attack that may have compromised the personal information of 2,500 people seeking help. The agency has apologized for the incident and warned those affected that they may be contacted by criminals while the exact impact of the attack is still being investigated.
Ransomware attack on supply chain software: retailers in the US and UK affected
A ransomware attack on supply chain software provider Blue Yonder has caused significant disruption to numerous companies in the UK and the US. Among those affected are UK supermarket chains Morrisons and Sainsbury's, as well as Starbucks in the US, where payroll and schedules have been affected. Blue Yonder is working to restore its systems but is not yet able to provide a timeline for full resolution of the issue.
Best Practice, Defense & Mitigation
Authorities dismantle DDoS platform and arrest suspects
German law enforcement authorities have shut down the criminal platform dstat[.]cc, which enabled users to carry out DDoS attacks. Two suspects, aged 19 and 28, have been arrested. The action is part of Operation PowerOFF, which is directed against DDoS-for-hire services. The suspects are also accused of operating an infrastructure for drug trafficking.
Saxon authorities targeted: millions of cyberattacks fended off
According to the annual report on information security 2024, Saxon authorities successfully fended off thousands of cyberattacks last year, with more than half of the over 110 million emails received being filtered out as potentially harmful. State Secretary Thomas Popp emphasizes the increasing complexity of network attacks and the need to remain vigilant and regularly adapt protection systems.
Interpol breaks up African cybercriminal network
In a large-scale operation called "Serengeti", Interpol arrested 1,006 suspects and shut down 134,089 malicious infrastructures and networks used for various forms of cybercrime in 19 African countries. The two-month operation uncovered a wide range of crimes, including ransomware attacks, business email compromises, digital extortion and online fraud. In total, the more than 35,000 victims suffered financial losses of almost 193 million dollars.
EU launches the Cyber Resilience Act (CRA)
With the publication of the CRA, the EU is laying the foundations for a new era of IT security. As an EU regulation, the CRA defines specific security requirements for products with digital elements. According to eco board member Prof. Dr. Norbert Pohlmann, the CRA has the potential to position Europe as a pioneer in cyber security. For the first time, the regulation defines a minimum level of cyber security for all connected products on the EU market and makes manufacturers responsible for the entire life cycle of their products.
ENISA: Public administration invests a median of 2 million euros in information security
Public administrations in the EU member states spent a median of around 18 million euros on IT in 2023. Investments in information security amounted to €2 million, which corresponds to 9.2% of IT expenditure. This puts public administration in third place behind the banking and energy sectors, according to a recent study by the EU cybersecurity agency ENISA.
Things to know
What is the Internet Control Message Protocol (ICMP)?
The Internet Control Message Protocol (ICMP) is a central component of the Internet protocol family. ICMP is mainly used to transmit error messages and diagnostic information in networks and data centers. In contrast to transport protocols such as TCP or UDP, its purpose is to transmit information about the status of network connections and devices. Cyber criminals misuse the protocol for DDoS (Distributed Denial of Service) attacks.