Trending Topics Cybersecurity – April 2023 


Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyber attacks, attack campaigns and more can be found here in a clearly arranged format.

In recent weeks, there has been an increase in DDoS attacks on many government websites. The German Federal Office for Information Security (BSI) even felt compelled to warn the German states about the current danger situation. Last year, the state of North Rhine-Westphalia alone recorded 28 cyber attacks on ministries, state companies, authorities and schools. The Ministry of Justice was the target of five attacks.

At the Potsdam Conference on National Cyber Security, however, the focus was on municipal IT security, as the BSI considers cyber attacks against municipalities to be much more critical than attacks against the federal government. But the fightback is forming: the EU is working flat out on the so called Cyber Solidarity Act. The aim is to make Europe more resilient to cyber threats by building a cybersecurity reserve with emergency services.

The general trend toward more attacks on public authorities continues unabated. Recently, the "Reconstruction Ukraine" platform of the German Federal Ministry for Economic Cooperation and Development (BMZ) was attacked twice in one morning with DDoS attacks. Police authorities, health insurance companies and energy providers are also repeatedly targeted by cybercriminals. This is confirmed by evaluations of Myra Security's mitigation data for the first quarter of 2023. The number of malicious requests to websites, online portals and APIs that were defended against was on a par with the previous quarter. Here, too, it became apparent that government agencies are the primary focus of attackers.

The top IT security topics in April


BSI classifies cyber attacks on municipalities as more dangerous than attacks against the federal government

At the Potsdam Conference for National Cyber Security, the focus was on municipal IT security. The BSI stated that cyber attacks against municipalities are much more critical than those against the federal government. Together with the Federal Criminal Police Office, the BSI is therefore calling for more competencies vis-à-vis the states.

Learn more

IT security detention: solar and wind power plants are popular targets for cybercriminals

Germany is pushing ahead with the expansion of wind power and photovoltaic plants – to achieve the climate targets it has set itself. Unfortunately, cybercriminals achieve their goals in the energy sector all too easily. The reason for this is that the energy sector does not keep up with patching known vulnerabilities, say security researchers.

Learn more


North Rhine-Westphalia counted 28 cyber attacks against ministries, state enterprises and authorities

Recently, there has been an increase in nationwide DDoS attacks on many official websites. The BSI then warned the German states of the danger. Last year, North Rhine-Westphalia alone recorded 28 cyber attacks on ministries, state enterprises, authorities and schools. The Ministry of Justice was the target of five attacks.

Learn more

Customer data of bicycle leasing provider surfaced on the darknet

Due to a data leak, not only the data of affiliated companies, but also of end customers of the bicycle leasing provider Jobrad entered the darknet. In addition to master data and contract data of the end customers, the access data of company contacts and bank data of employers were also affected by the data theft, according to Jobrad.

Learn more

Attack on IT service provider disrupts operations of numerous health insurance companies

For security reasons, Bitmarck had to shut down its systems and disconnect them from the Internet. This led to disruptions and restrictions at connected statutory health insurers. However, no customer or policyholder data was leaked.

Learn more

Biotech company takes IT systems offline as a precaution after cyber attack

To protect itself from data breaches and data corruption, biotech company Evotec proactively shut down all IT systems after a cyber attack. Forensic investigations are currently underway with external experts to clarify the extent of the damage and potential impact on the company's IT.

Learn more

Disturbed processes at Berlin police department due to bombardment with mass emails

The Berlin police department's Internet watchdog recently had to contend with a flood of emails. Despite the heavy load, the station was still accessible online without any loss of quality, according to police reports. In the meantime, the cybercrime department of the State Criminal Police Office is investigating computer sabotage.

Learn more

Around 300 restaurants in the U.K. temporarily closed due to cyber attack

An attack on the foodservice group Yum! Brands had an impact on the associated fast food chains KFC, Pizza Hut and Taco Bell: Due to the incident, around 300 restaurants in the U.K. were closed for a day. The attackers gained access to employees' personal data such as names and driver's license numbers.

Learn more

Series of DDoS attacks on state websites spreads to Schleswig-Holstein

Following websites in Mecklenburg-Vorpommern and Saxony-Anhalt, the Schleswig-Holstein state portal was recently the target of a DDoS attack. The website was temporarily unavailable, and the Leibniz Information Center for Economics (ZBW) in Kiel was also affected.

Learn more

Health insurance company unavailable for days after cyber attack

Around 513,000 policyholders were recently affected by the cyber attack on the health insurance company "BIG direkt gesund". Since the systems had to be shut down after the suspected attack, policyholders were unable to reach the direct insurance company for days. However, as far as is known to date, no data was leaked.

Learn more

Considerable restrictions at transport companies after cyber attack

Hanover's public transport company had to deal with the consequences of a cyber attack: in addition to the electronic display boards at bus stops being offline for days, ticket sales and the telephone and email systems were also affected. An Üstra spokesperson explained that all computer systems had to be shut down.

Learn more

Cyber criminals attack European aviation authority

The website of the EU authority Eurocontrol, which monitors and optimizes European airspace for air traffic, was temporarily paralyzed by means of a massive DDoS attack. According to the authorities, air traffic itself was not affected at any time.

Learn more

Best Practice, Defense & Mitigation

EU plans Cyber Solidarity Act to improve cyber incident response capabilities

The new law includes the establishment of a cybersecurity reserve with emergency services. The EU Commission wants to use it to make Europe more resilient to threats from the Internet. The budget for this project is €1.1 billion.

Learn more

International investigations against criminal data sales platform successful

Spying on data, data theft and money laundering: this list of "offenses in online trading" was the reason for investigations against the criminal sales platform "Genesis Market". The Federal Criminal Police Office (BKA) and the Frankfurt General Prosecutor's Office initiated searches in all 16 German states of a total of 58 defendants residing in Germany. The platform had previously been seized and shut down by US authorities.

Learn more

Seized: servers of German DDoS provider shut down

DDoS attacks on several companies in Baden-Württemberg and Hesse, as well as on the Hesse police, have been carried out via FlyingHost since mid-2021. The Hesse State Criminal Police Office has now seized servers. Five suspects between the ages of 16 and 24 are accused of offering their attack services on the Darknet.

Learn more

Things to know

DDoS threat situation remains critical: authorities increasingly under fire

Analysis of mitigation data from Myra's Security Operations Center (SOC) for the first quarter of 2023 has revealed that the DDoS threat level for web applications, online portals and APIs remains high. Government agencies are particularly the focus of attackers.

Learn more

New DDoS attack vector: SLP vulnerability enables amplification attacks with a factor of 2,200

As a result of a vulnerability in the Service Location Protocol (SLP), new DDoS attacks are looming. Using vulnerable SLP instances as reflectors, criminals can amplify their attacks by a factor of up to 2,200. Myra customers are also protected against this new attack vector.

Learn more

Related articles