Trending Topics Cybersecurity – December 2024
SECURITY INSIGHTS | January 01, 2025
Myra's monthly security highlights provide IT managers and security experts with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and reports on cyberattacks, attack campaigns and more are clearly presented here.
The ENISA report on the cybersecurity situation in the European Union paints an ambivalent picture: the threat landscape in Europe is characterized by complex threats and targeted attacks. While the member states are strategically well positioned, there are still major differences in the implementation of security measures. In particular, political will must be strengthened in this context, the cybersecurity agency recommends. The security experts see further areas for action in crisis management and in securing supply chains, for example.
Meanwhile, authorities are reporting an increase in cyberattacks at the end of the year. While state actors in the US have embedded themselves in telecommunication infrastructures, coordinated DDoS attack waves are being launched against companies and public administration in Germany.
At the same time, the investigating authorities' successes against organized cybercrime are encouraging: Interpol has seized over 400 million US dollars and arrested 5,500 suspects as part of Operation “Haechi V”. Europol closed 27 illegal DDoS booter services and the German Federal Criminal Police Office took a large online marketplace for illegal goods offline.
In addition, newly adopted EU legislation that has now come into force, such as the Cyber Solidarity Act and the Cyber Resilience Act, underlines the will to systematically improve cybersecurity and strengthen the resilience of digitally networked systems.
IT Security Trends
ENISA report: cyber threat level in the EU remains high
The EU cybersecurity agency ENISA has published its first report on the cybersecurity situation in the EU, which is intended to provide information every two years on the current situation in the member states in accordance with Article 18 of the NIS 2 Directive. According to the report, the threat level remains high. Despite well-coordinated strategies among member states, there are still differences in the implementation of security measures. Four priority areas for action have been identified: improving political implementation, establishing effective crisis management, strengthening supply chain security and tackling the shortage of skilled workers through a unified training offensive.
Targeted espionage attacks on telecommunications providers in the US and other countries
Cybercriminals from China are said to have gained access to the telecommunications infrastructure of providers in the US and dozens of other countries in order to spy on politicians, among other things. This was reported by the Wall Street Journal, citing the US government. At least eight providers are said to be affected in the US alone. Because it is still unclear how far the attackers have embedded themselves in the networks, the FBI and CISA are advising the use of encrypted communication.
CRA comes into force: BSI aims for market surveillance
The European Cyber Resilience Act (CRA) came into force on December 10, 2024, and requires manufacturers to equip connected products with minimum cybersecurity standards by December 2027. The German Federal Office for Information Security (BSI) is actively promoting national market surveillance and has already developed support tools such as the TR-03183 guideline and an IT security mark.
Cybercrime
Coordinated DDoS attacks against German companies and authorities
In mid-December, a coordinated DDoS campaign was launched against the websites of German companies and authorities in the name of the cyber group NoName057(16). The attacks, which were coordinated via Telegram, targeted companies such as firearms manufacturer Walther and energy supplier Vattenfall, as well as various federal authorities. Some of the attacked domains were temporarily difficult or impossible to access.
Attack on Ingolstadt Clinic averted: IT systems remain unscathed
In early December, Ingolstadt Clinic detected a cyberattack at an early stage and successfully averted it, ensuring that neither operations nor patient care were affected. “Immediate measures by our own IT department prevented the attack from spreading further. The hospital's operations were and are possible without restriction at all times,” said Dr. Andreas Tiete, Medical and Managing Director of the hospital.
After cyberattacks: presidential election in Romania must be repeated
Due to massive interference in the election campaign through cyberattacks on the electoral authority and targeted campaigns on TikTok, the presidential election in Romania must be repeated. This was decided by the country's supreme court. The judges spoke of an “aggressive Russian hybrid attack” aimed at supporting the far-right and pro-Russian candidate Calin Georgescu.
Best Practice, Defense & Mitigation
BBK and BSI publish guide to managing and preventing municipal IT crises
The Federal Office of Civil Protection and Disaster Assistance (BBK) and the Federal Office for Information Security (BSI) have published a joint guide to strengthen protection against cyber threats and raise awareness of IT crises. The 100-page modular guide “Municipal IT Crises: Ensuring the Ability to Act” contains measures for prevention, incident management and recovery, as well as information on external support options.
BKA strikes against illegal online marketplace “Crimenetwork”
Investigators from the Federal Criminal Police Office (BKA) and the Office of the Public Prosecutor General in Frankfurt am Main have taken down the largest German-language online marketplace for illegal goods and services. The servers of the “Crimenetwork” platform have been shut down and the alleged head of technology arrested. The marketplace, which was used primarily to trade stolen data, drugs and forged documents, is thought to have had more than 100,000 registered users at last count.
Fight against cybercrime: Interpol seizes over 400 million US dollars
Interpol has announced a significant success in the fight against cybercrime. As part of Operation Haechi V, law enforcement authorities from 40 countries arrested over 5,500 suspects and seized funds and assets worth more than 400 million US dollars. Among other things, investigators were able to dismantle a phishing network that is thought to have caused financial damage of around 1.1 billion US dollars to around 1,900 victims.
New legislation to strengthen cybersecurity in Europe
The Council of the European Union has adopted two important components of the “cybersecurity package” to improve EU-wide cooperation and resilience against cyber threats. These are the new Cybersecurity Act (CSA) and an amendment to the existing Cybersecurity Act (CSA). The aim of these initiatives is to expand the EU's ability to detect, prevent and manage cybersecurity risks and incidents, and to strengthen solidarity between member states in this area.
Operation “Power Off”: Europol takes down 27 illegal DDoS booter services
As part of Operation Power Off, Europol has shut down a total of 27 so-called IP stresser or booter services, which cybercriminals could use to carry out denial-of-service attacks on websites, servers or networks for a small fee. Three administrators of the illegal services were arrested in France and Germany. In addition, more than 300 users have been identified. A total of 15 countries were involved in the concerted action.
Things to know
A SYN flood is one of the most common forms of denial-of-service attacks. The attack method aims to overload a network or server with a flood of SYN packets, making it unavailable to legitimate users. Learn how a SYN flood attack works, what dangers it poses, and how you can effectively protect your organization.