Trending Topics Cybersecurity – December 2023

SECURITY INSIGHTS | January 02, 2024

Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyberattacks, attack campaigns and more can be found here in a clearly arranged format.

DDoS attacks represent a persistent and significant security risk for companies and authorities. According to a recent study by the European Union Agency for Cybersecurity (ENISA), geopolitics, among other things, are fueling the threat situation. Attackers have increasingly efficient and cost-effective means at their disposal to carry out such overload attacks. At the same time, they are becoming more professional and aggressive.

According to the study, all sectors were affected by DDoS attacks in the period from January 2022 to August 2023. However, the government administration sector was the most affected with a share of 46%. ENISA assumes a political motivation or activist agendas behind two thirds of the attacks, for example in connection with the war in Ukraine. Also noteworthy: 56.8% of the DDoS attacks investigated caused total disruption in the target. This shows how important effective protective measures are.

The top IT security topics in December:

IT security trends

ENISA: Public sector most affected by DDoS attacks

According to a study by the European Union Agency for Cybersecurity (ENISA), almost half (46%) of all DDoS attacks target the government administration sector. 56.8% of overload attacks cause a total disruption in the target. An estimated two thirds of the DDoS attacks recorded were politically motivated.

Study: Skills shortages jeopardize cybersecurity

According to the ISC2 Cybersecurity Workforce Study 2023, half of the cybersecurity professionals surveyed in Germany believe that their organization will not be able to respond adequately to cyber incidents in the next two to three years. The main reasons for this are a lack of manpower (68%) and skills shortages (88%). Germany is the only country in an international comparison in which the number of employees in the field of cyber security has decreased despite growing demand.

BSI registers around 70 new vulnerabilities a day

The German Federal Office for Information Security (BSI) records around 70 zero-days, i.e. previously unknown vulnerabilities, every day. BSI President Claudia Plattner explained this at the anniversary celebration of the Fraunhofer Athene cyber security research center. A vulnerability management system announced by the Federal Ministry of the Interior was also discussed at the event, although no details have yet been released.

Cybercrime

Cyberattacks lead to outages at mobile phone provider and online bank in Ukraine

A massive cyberattack on Ukraine's largest telecommunications provider Kyivstar has led to nationwide outages of telephone and internet connections. According to the company, the IT infrastructure was "partially destroyed". The online bank Monobank, on the other hand, was hit by a DDoS attack aimed at overloading its services.

Data leak at genetic analysis company: thousands of customer profiles and millions of linked accounts affected

According to 23andMe, cybercriminals have stolen the personal and genetic data of 0.1% of all customers in a credential stuffing attack. This means that around 14,000 accounts were directly compromised. However, millions of customer profiles linked to these accounts were also indirectly affected.

Ransomware attack on IT service provider HTC Global Services

HTC Global Services has confirmed a cybersecurity incident. It was apparently a ransomware attack by the group ALPHV aka Blackcat. According to the group's leak page, customer data such as passport and ID documents, contact lists, email addresses and other confidential documents were stolen. The IT service provider's customers include institutions from the financial and insurance sectors as well as the public sector.

Parking app admits data loss due to cyber attack

The provider of the parking app Easypark has confirmed the leakage of "non-sensitive" customer data following a cyber attack. The compromised information includes names, telephone numbers, addresses and email addresses. Some digits of IBAN and credit card numbers were also compromised. However, it should not be possible to make payments with these.

Clothing manufacturer forced to file for bankruptcy after cyber attack

An extortion attack has paralyzed all digital processes and the entire operational business of Erfo. The attackers demanded a high ransom. As a result, the textile company from Nordhorn was forced to file for bankruptcy. The e-bike manufacturer Prophete suffered a similar fate at the beginning of the year.

FBI: 300 organizations were targeted by Play ransomware - including critical infrastructures

According to the US Federal Bureau of Investigation (FBI), the Play ransomware group blackmailed around 300 organizations worldwide between June 2022 and October 2023, including operators of critical infrastructure. Victims included the city of Oakland in California, the cloud computing provider Rackspace and the Belgian city of Antwerp.

Best Practice, Defense & Mitigation

Agreement on Cyber Resilience Act: New security standards for connected devices in the EU

The EU Commission, the European Parliament and the Council of the European Union have reached an agreement on the Cyber Resilience Act in the trilogue negotiations. The EU regulation defines new minimum requirements for the security of connected devices. Among other things, manufacturers will generally have to provide security updates for five years in future.

Law enforcement agencies strike a blow against ransomware group Blackcat

International investigative authorities have succeeded in gaining access to parts of the IT infrastructure of the ransomware group Blackcat aka ALPHV. In the process, they obtained a number of decryption keys and were thus able to help over 500 victims. The cyber extortionists are now threatening retaliation and attacks on critical infrastructure.

Federal Criminal Police Office shuts down darknet marketplace "Kingdom Market"

In an internationally coordinated operation with other law enforcement agencies, the Federal Criminal Police Office (BKA) has seized the server infrastructure of the illegal darknet marketplace "Kingdom Market". Over 42,000 products, ranging from drugs to malware and criminal services, were offered on the now closed platform.

Things to know

After end of support: Thousands of vulnerable Exchange servers accessible online

According to security researchers, more than 20,000 publicly accessible Exchange servers worldwide are potentially vulnerable. Around half of these are located in Europe. The servers use an outdated version of Microsoft Exchange for which updates are no longer available. Attackers could exploit several critical vulnerabilities for remote code execution.

Due to new EU cyber security requirements: Porsche stops selling the Macan

Porsche will no longer be selling its Macan SUV model in the EU from spring. The VW subsidiary justifies this step by stating that new cybersecurity regulations for cars will come into force from July 1, 2024, which the current model does not meet. The company believes that adapting to the new approval regulations is too expensive.
