Trending Topics Cybersecurity – February 2024

SECURITY INSIGHTS | March 01, 2024

Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyberattacks, attack campaigns and more can be found here in a clearly arranged format.

Organizations from Europe are currently particularly in the crosshairs of cyber criminals. According to a recent study by IBM, the number of attacks has risen by around a third. Around three quarters of the attacks targeted critical infrastructure organizations. This trend is also reflected in the rising expenditure on IT security in Germany: according to forecasts by the industry association Bitkom, investments will exceed the €10 billion mark for the first time in 2024.

One reason for the tense threat situation is the increasing professionalization of cyber criminals, which has already been pointed out by the German Federal Office for Information Security (BSI). Cybercrime-as-a-Service platforms provide criminal services such as DDoS attacks via the darknet at low cost. A new platform of this kind was launched in February by the well-known cyber group Anonymous Sudan.

Meanwhile, the fight against cyber groups continues to keep national and international investigative authorities on their toes. BKA, Interpol, FBI and Co. continue to strike heavy blows against organized cybercrime, as the Lockbit raid shows. However, it often only takes a few days for the cyber criminals to return with new attack tools, as was also the case with Lockbit. This makes the authorities' fight against cyber criminals resemble the battle against the Hydra, the monster from Greek mythology that grows two new heads whenever one is cut off.

The top IT security topics in February:

IT security trends

Europe is the focus of cyber attacks

Evaluations of IBM's annual "X-Force Threat Intelligence Index" have shown that European organizations in particular are the target of cyber attacks. Compared to the previous year, there was a 31% increase in incidents here. Within the EU, 3 out of 4 attacks targeted critical infrastructure.

Munich Security Report 2024: Cyber attacks are the second biggest security risk

The G7 countries perceive the threat of cyber attacks as one of the greatest current risks. In the Munich Security Report published for this year's Munich Security Conference, the topic ranks second in the Munich Security Index - a new high. In Germany, 74% of respondents rate the threat of cyber attacks as "imminent".

New national IT Situation Center of the BSI opened in Bonn

The Federal Office for Information Security (BSI) has a new national IT Situation Center. The facility, which opened in Bonn on February 6, will be used by ten experts to evaluate reports of IT security incidents and vulnerabilities during normal operations. In an emergency, up to 100 security experts can work together there.

Bitkom forecast: expenditure on IT security to rise to €10.5 billion in 2024

The digital association Bitkom expects spending on IT security to exceed the €10 billion mark for the first time this year. Specifically, it is expected to grow by 13.1% year-on-year to around €10.5 billion. For security software and IT security services, the association forecasts an increase of 16.9% and 12% respectively.

Cybercrime

Automotive division of Thyssenkrupp suffers cyber incident

Unknown attackers have succeeded in accessing the IT systems of Thyssenkrupp's automotive division. Due to the incident, production at the Wadern-Lockweiler plant in Saarland had to be temporarily shut down. Details of the incident and possible data losses are currently unknown. The company is working on a gradual return to normal operations. (as of 27.02.2024)

Berlin clinic was the victim of a cyber attack

An attack on the IT infrastructure of the Caritas Dominikus Clinic in Berlin resulted in restrictions on accessibility via digital communication channels. The telephone system was also affected, which is why an emergency telephone number was temporarily set up. The attack is not believed to have resulted in a data breach.

Infrashutdown: Cyber group launches DDoS-for-hire service

Anonymous Sudan has announced the launch of a new DDoS-for-hire service. The platform will enable cyber criminals to book DDoS attacks as a service without having to use their own attack tools. In its latest annual report, the German Federal Office for Information Security (BSI) warned of the increasing professionalization of cyber criminals, which is said to be reflected in the emergence of attack services such as Infrashutdown.

Cyber criminals use subdomain hijacking for massive spam campaign

Security researchers have discovered a large-scale spam email campaign in which the attackers use subdomain hijacking to bypass common spam filters. The campaign is said to have been operational since 2022 and includes thousands of legitimate domains from well-known organizations – including MSN, VMware, McAfee, CBS, Unicef, Symantec, Java.net and eBay. The criminals are said to have sent more than 5 million spam emails with links to malicious websites every day.

Data breach as a result of attack on KaDeWe

Cyber criminals succeeded in attacking the Berlin department store KaDeWe at the beginning of November 2023. The final report on the incident, which is now available, states that data on around 857 employees and around 4,300 customers was leaked during the attack. According to KaDeWe Group GmbH, no account or credit card data was affected.

DDoS attack on Copenhagen Airport

Cyber attackers have managed to shut down the website of the airport in the Danish capital Copenhagen. Passengers were then asked to use the airport app to find out about upcoming trips.

Massive data leak at doctor appointment service

Hackers from the Chaos Computer Club (CCC) have discovered a blatant security leak in the doctor appointment booking service Dubidoc: the personal data of almost one million patients was openly accessible via the Internet. The CCC informed Dubidoc and the state data protection authority of North Rhine-Westphalia about the data leak.

Best Practice, Defense & Mitigation

US authorities take down Volt Typhoon botnet

A botnet operated by the Volt Typhoon cyber group and consisting mainly of old routers has been taken down by FBI investigators. The officials were able to remotely remove the malware installed on the legacy devices and block communication with the botnet.

NIST publishes new Cybersecurity Framework 2.0

The National Institute of Standards and Technology (NIST) has published a new framework for reducing cyber risks. For the first time, the new Cybersecurity Framework 2.0 includes recommendations for organizations outside of critical infrastructure.

Investigating authorities strike a blow against Lockbit

In mid-February, international investigative authorities busted parts of the Lockbit infrastructure and seized the ransomware group's darknet website. As part of the raid, the authorities confiscated 34 servers and over 200 crypto accounts. Two suspects were arrested. But just one week later, the cyber criminals returned with newly set up servers at a different address – new targets have also already been named.

FBI and BKA shut down spy network

A router botnet apparently set up by Russian intelligence services for espionage purposes has been dismantled by German security authorities as part of an FBI operation. The botnet consisted of hundreds of clients from small offices and private households.

Things to know

What is a web application firewall (WAF)?

A web application firewall (WAF) protects web applications from cyber attacks, including attacks that exploit security vulnerabilities. It monitors the traffic between clients and web servers and blocks malicious requests before they reach the server.
