Trending Topics Cybersecurity – June 2022

SECURITY INSIGHTS | 1 July 2022

Myra’s monthly security highlights present IT decision-makers and security specialists with the most relevant topics from the world of cybersecurity. Hacker trends, defense strategies, and reports on cyberattacks, hacker campaigns, etc. are available here in a clearly laid out format.

Arne Schönbohm, President of the BSI (Federal Office for Information Security), currently sees a significantly heightened threat level due to cyberattacks in Germany. Schönbohm made this statement at the “Potsdam Conference for National Cyber Security” at the end of June. Although no centrally coordinated campaign has been identified so far, cyberattacks are having an increasingly frequent impact on the everyday lives of people in Germany, he said.

A large-scale cyberattack on an IT service provider, for example, affected several energy companies in the Rhine-Main region: The targets of the attack included the public utility company Mainzer Stadtwerke and the Darmstadt-based company Entega, as reported by Hessenschau and others. As a result of the attack, the websites and e-mail servers were unavailable; also affected were the websites of the public transportation provider Mainzer Mobilität and the local pool Taubertsbergbad.

The city of Kassel suffered a similar fate: a cyberattack on the servers of the Kassel municipal cleaning service led to a network outage. According to the city of Kassel, as yet unidentified persons managed to penetrate the company’s network, which had multilevel security in place. The attack had no effect on regular waste disposal and street cleaning. However, it was no longer possible to collect bulky or electronic waste from individual homes because, among other things, the schedule database had been destroyed.

Political parties and federal authorities are also increasingly becoming the targets of cyberattacks. On May 30, the internal network of the Bündnis 90/Die Grünen party was hit. The intranet known as the “Green Network” was attacked. According to a party spokeswoman, the attack did not involve a “large amount of data”. However, it is not yet known exactly what data was taken and whether it included sensitive information.

The top IT security topics in June 2022

IT Security Trends

BaFin: Increased risk of cyberattacks on the financial sector

At the beginning of June, BaFin warned for the second time within a matter of days of repeated attacks on IT infrastructure. The warning concerned DDoS attacks in particular. In its warning for the German financial sector, BaFin referred to the “Security Notice for Business” issued by the German domestic intelligence services (Verfassungsschutz).


Cybercrime

Cyberattack on the Green Party’s internal IT system

The party’s intranet, known as the “Green Network”, was attacked by cybercriminals on May 30. It is not yet known exactly what data was taken and whether it included sensitive information. According to a party spokeswoman, however, it did not involve a “large amount of data”.


Cyberattack on authorities and energy suppliers in the Rhine-Main region

A ransomware attack targeted the websites of Mainzer Mobilität (public transportation), Mainzer Stadtwerke (public utility company), Mainzer Netze Gesellschaft (public services) and Taubertsbergbad (public swimming pool), some of which could not be accessed as a result of the attack. According to the Mainzer Stadtwerke, however, there were no outages of critical infrastructure.


IT systems of University of Applied Sciences paralyzed after cyberattack

A “major IT security problem” led to the shutdown of all IT systems connected to the Internet on June 21, according to Münster University of Applied Sciences. The IT incident will probably also have an impact on exams, according to a spokesperson for the university.


Swiss pharmaceutical company targeted by cybercriminals

According to the website BleepingComputer, information related to Novartis has been offered for sale on the Darknet for $500,000, payable in Bitcoin. The information allegedly came directly from the laboratories of a Novartis factory associated with testing drugs based on RNA technologies. According to Novartis, however, the theft of sensitive data can be ruled out.


Failed: Digital health apps put to the test

The hacker collective Zerforschung has scrutinized two digital health applications (DiGAs) and found significant security flaws. The apps are designed to support patients suffering from depression and breast cancer. Sensitive data such as e-mail addresses, therapy programs, plaintext passwords, diagnoses, diary data and doctor’s reports could be accessed.



BSI chief warns of hacker attacks in Germany

Although no centrally coordinated campaign has been identified so far, Arne Schönbohm, President of the BSI (German Federal Office for Information Security), sees a significantly heightened threat level due to cyberattacks in Germany. Schönbohm said this at the “Potsdam Conference for National Cyber Security”.


Large-scale cyberattack on Lithuania

Lithuania has been hit by a large-scale cyberattack, according to the country’s government. As the Ministry of Defense explained, state institutions as well as private companies were subjected to fierce DDoS attacks. The worst attacks were quickly brought under control.


Price drop for stolen credit cards on online black market

A study by Privacy Affairs has exposed huge growth rates in the online black market for stolen credit cards and hacked PayPal and cryptocurrency accounts. As a result of this growth, prices are already plummeting for some items.


Best Practice, Defense & Mitigation

FBI seizes domains used for the sale of stolen data and DDoS services

The FBI and the U.S. Department of Justice recently seized three domains that cybercriminals had used to sell stolen data and DDoS attack services. As a result of the international law enforcement operation with the Dutch National Police Corps and the Belgian Federal Police, one suspect was arrested, server infrastructure was seized, and several sites were searched.


Flubot: Europol seizes Android spyware infrastructure

The spyware known as FluBot infects Android devices, spreads aggressively via SMS, and steals passwords, online banking details, and other sensitive information. According to Europol, the Dutch police took over the associated infrastructure back in May, disabling this strain of malware.


Operator of DDoS-for-hire service “Downthem” sentenced to two years in prison

Matthew Gatrel of St. Charles, Illinois, violated the Computer Fraud and Abuse Act (CFAA). He was sentenced to two years in prison for operating two DDoS-for-hire services through which thousands of customers had paid to carry out more than 200,000 attacks.


Europol succeeds in striking a blow against phishing gang

A Europol cross-border operation involving Belgian and Dutch police led to the dismantling of an organized crime gang involved in phishing, scams and money laundering. Firearms, ammunition, jewelry, electronic devices, cash and cryptocurrencies were seized during the investigation.


BSI publishes technical guidelines for the security of digital health applications

The security requirements for different areas of healthcare applications have been written to provide further guidance to manufacturers and operators. The Technical Guideline (TR) includes several sections with requirements for mobile applications (TR-03161-1), web applications (TR-03161-2) and background systems (TR-03161-3).


Things to know

Attackers exploit zero-day vulnerability in Atlassian Confluence for remote code execution

Attackers are using a zero-day vulnerability in Confluence Server and Data Center to deliver malicious code to vulnerable systems. Atlassian has since released patched versions of the affected products. With the Myra Hyperscale WAF you can protect your systems until the migration to these patched versions has taken place.

What is an Autonomous System and what are AS Numbers (ASN)?

Autonomous Systems (AS) are typically larger groups of IP networks that are managed under a single routing policy. For identification purposes, a unique Autonomous System Number (ASN) is assigned to each AS. The individual Autonomous Systems together make up the Internet.


What is DNS over TLS?

DNS over TLS (DoT) is a protocol for the encrypted transmission of DNS (Domain Name System) queries. Name resolution on the Internet is typically transmitted unencrypted via UDP. With DoT, however, the queries and responses that map domains to their associated IP addresses are encrypted using the Transport Layer Security (TLS) protocol.


What is an Identity Provider (IDP)?

Identity providers (IDPs) are central access systems for service providers. Users make use of IDPs to verify their identity via password and/or other factors in order to log in to local devices or Internet accounts.

