Trending Topics Cybersicherheit – June 2022

The top IT security topics in June 2022

IT-Security-Trends

BaFin: Increased risk of cyberattacks on the financial sector

At the beginning of June, BaFin warned for the second time within a matter of days of repeated attacks on IT infrastructure. The warning concerned DDoS attacks in particular. In its warning for the German financial sector, BaFin referred to the “Security Notice for Business” issued by the German domestic intelligence services (Verfassungsschutz).

Cybercrime

Cyberattack on the Green Party’s internal IT system

The party’s intranet, known as the “Green Network”, was attacked by cybercriminals on May 30. It is not yet known exactly what data was taken and whether it included sensitive information. According to a party spokeswoman, however, it did not involve a “large amount of data”.

Cyberattack on authorities and energy suppliers in the Rhine-Main region

A ransomware attack targeted the websites of Mainzer Mobilität (public transportation), Mainzer Stadtwerke (public utility company), Mainzer Netze Gesellschaft (public services) and Taubertsbergbad (public swimming pool), some of which could not be accessed as a result of the attack. According to the Mainzer Stadtwerke, however, there were no outages of critical infrastructure.

IT systems of University of Applied Sciences paralyzed after cyberattack

A “major IT security problem” led to the shutdown of all IT systems connected to the Internet on June 21, according to Münster University of Applied Sciences. The IT incident will probably also have an impact on exams, according to a spokesperson for the university.

Swiss pharmaceutical company targeted by cybercriminals

According to the website BleepingComputer, information related to Novartis has been offered for sale on the Darknet for $500,000 payable in Bitcoins. The information allegedly came directly from the laboratories of a Novartis factory associated with testing drugs based on RNA technologies. According to Novartis, however, the theft of sensitive data can be ruled out.

Failed: Digital health apps put to the test

The hacker collective Zerforschung has scrutinized two digital health applications (DiGAs) and found significant security flaws. The apps are designed to support patients suffering from depression and breast cancer. Sensitive data such as mail addresses, therapy programs, plain text passwords, diagnoses, diary data and doctor’s reports could be accessed.

Failed: Digital health apps put to the test

The hacker collective Zerforschung has scrutinized two digital health applications (DiGAs) and found significant security flaws. The apps are designed to support patients suffering from depression and breast cancer. Sensitive data such as mail addresses, therapy programs, plain text passwords, diagnoses, diary data and doctor’s reports could be accessed.

BSI chief warns of hacker attacks in Germany

Although no centrally coordinated campaign has been identified so far, Arne Schönbohm, President of the BSI (German Federal Office for Information Security), sees a significantly heightened threat level due to cyberattacks in Germany. Schönbohm said this at the “Potsdam Conference for National Cyber Security”.

Large-scale cyberattack on Lithuania

Lithuania has been hit by a large-scale cyberattack, according to the country’s government. As the Ministry of Defense explained, state institutions as well as private companies were subjected to fierce DDoS attacks. The worst attacks were quickly brought under control.

Price drop for stolen credit cards on online black market

A study by Privacy Affairs has exposed huge growth rates in the online black market for stolen credit cards and hacked PayPal and cryptocurrency accounts. As a result of this growth, prices are already plummeting for some items.

Best Practice, Defense & Mitigation

FBI seizes domains used for the sale of stolen data and DDoS services

The FBI and the U.S. Department of Justice recently seized three domains that cybercriminals had used to sell stolen data and DDoS attack services. As a result of the international law enforcement operation with the Dutch National Police Corps and the Belgian Federal Police, one suspect was arrested, server infrastructure was seized, and several sites were searched.

Flubot: Europol seizes Android spyware infrastructure

The spyware known as FluBot infects Android devices, spreads aggressively via SMS, and steals passwords, online banking details, and other sensitive information. According to Europol, the Dutch police took over the associated infrastructure back in May, disabling this strain of malware.

Operator of DDoS-for-hire service “Downthem” sentenced to two years in prison

Matthew Gatrel of St. Charles, Illinois, violated the Computer Fraud and Abuse Act (CFAA). He was sentenced to two years in prison for operating two DDoS-for-hire services through which thousands of customers had paid to carry out more than 200,000 attacks.

Europol succeeds in striking a blow against phishing gang

A Europol cross-border operation involving Belgian and Dutch police led to the dismantling of an organized crime gang involved in phishing, scams and money laundering. Firearms, ammunition, jewelry, electronic devices, cash and cryptocurrencies were seized during the investigation.

BSI publishes technical guidelines for the security of digital health applications

The security requirements for different areas of healthcare applications have been written to provide further guidance to manufacturers and operators. The Technical Guideline (TR) includes several sections with requirements for mobile applications (TR-03161-1), web applications (TR-03161-2) and background systems (TR-03161-3).

Things to know

Attackers exploit zero-day vulnerability in Atlassian Confluence for remote code execution

Attackers are using a zero-day vulnerability in Confluence Server and Data Center to deliver malicious code to vulnerable systems. Atlassian has since released patched versions of the affected products. With the Myra Hyperscale WAF you can protect your systems until the migration to these patched versions has taken place.

What is an Autonomous System and what are AS Numbers (ASN)?

Autonomous Systems (AS) are typically larger IP network associations that are managed by a single routing policy. For identification purposes, a unique Autonomous System Number (ASN) is assigned to each AS. The individual Autonomous Systems (AS) together make up the Internet.

What is DNS over TLS?

DNS over TLS (DoT) is a protocol for the encrypted transmission of DNS (Domain Name System) queries. Name resolution on the Internet is typically transmitted unencrypted via UDP. With DoT, however, the assignment of domains and the associated IP addresses is encrypted using the Transport Layer Security (TLS) protocol.

What is an Identity Provider (IDP)?

Identity providers (IDPs) are central access systems for service providers. Users make use of IDPs to verify their identity via password and/or other factors in order to log in to local devices or Internet accounts.