SECURITY INSIGHTS | February 01, 2024
Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyberattacks, attack campaigns and more can be found here in a clearly arranged format.
The latest Allianz Risk Barometer continues to rank cyberattacks as the biggest business risk for companies, both in Germany and worldwide. In Germany, 44% of the risk management experts surveyed cited cyber incidents as a major risk. The closely related general business interruptions follow in second place with 37%, ahead of changes in legislation and regulation (23%). Another major risk perceived in Germany is the shortage of skilled workers. This risk ranks fourth in Germany, compared to tenth worldwide.
Given these figures, it is not surprising that the German Federal Financial Supervisory Authority (BaFin) is also increasingly focusing on IT risks. As in previous years, the regulator considers cyberattacks to be one of the main risks for the German financial market. The ongoing digital transformation of the financial sector is increasingly attracting attackers who are targeting digital financial assets and sensitive data. Financial companies therefore need to "invest more than ever in their operational security and stability", emphasized BaFin President Mark Branson. At the same time, he warned of potential risks from concentrations in the outsourcing of IT services, which BaFin also intends to pay particular attention to this year.
IT security trends
According to a survey by Allianz, cyber incidents are the biggest risk for companies and organizations in Germany, ahead of business interruptions and changes to legislation and regulation. For the current edition of the Allianz Risk Barometer, 3,069 risk management experts from 92 countries were surveyed.
The German Federal Financial Supervisory Authority (BaFin) classifies cyberattacks as one of the main risks for the financial sector. Digital financial assets and sensitive data are attractive assets for cyber criminals. This is why the supervisory authority is increasingly focusing on IT risks in 2024. "If our auditors find gaps in IT security, we are not afraid to intervene," says BaFin President Mark Branson.
According to the latest Global Data Protection Index from Dell, companies suffered an average loss of €1.29 million last year due to cyberattacks. This means that costs have more than doubled compared to the previous year. 54% of the companies surveyed worldwide were unable to access data in 2023 as a result of cyberattacks or system failures.
The major US bank JPMorgan Chase has registered a significant increase in attempted attacks on its IT systems over the past year. "The fraudsters get smarter, savvier, quicker, more devious and more mischievous," said Mary Callahan Erdoes, Head of JPMorgan Chase’s asset and wealth management division, at the World Economic Forum in Davos. This is why the bank invests $15 billion a year in strengthening its cyber defenses.
A cyberattack on an IT service provider has caused the websites and online services of chambers of crafts and trades in several German states to go offline. Initially, there was talk of an "IT security incident". Later, the Bavarian-based service provider ODAV AG confirmed a malware attack on its data center.
Following the visit of Ukrainian President Volodymyr Zelenskyi to the World Economic Forum in Davos, DDoS attacks have temporarily paralyzed Swiss government websites. According to the Swiss Federal Office for Cybersecurity (BACS), the overload attacks were already expected and quickly mitigated. The "NoName" group claimed responsibility for the DDoS attacks.
The FBI has warned of a botnet that steals credentials for cloud platforms such as Amazon Web Services or Microsoft Office 365. The malware used for this, called Androxgh0st, exploits known vulnerabilities in various web frameworks and HTTP servers to extract usernames and passwords from .env files.
The group Midnight Blizzard aka Cozy Bear, allegedly linked to Russia, has gained access to emails from high-ranking Microsoft employees. These include messages from the cybersecurity and legal departments. A similar data leak occurred at Hewlett-Packard Enterprise (HPE).
Unknown attackers used SIM swapping to take over the X account (formerly Twitter) of the US Securities and Exchange Commission (SEC) in order to post a fake tweet about the supposed trading approval for Bitcoin ETFs. The price of the cryptocurrency shot up as a result, but plummeted again after the tweet was deleted. The compromised X account was not secured with two-factor authentication.
Trello data leak: over 15 million user records harvested via unsecured API
Unknown persons have copied publicly accessible data from more than 15 million users of the project management tool Trello and offered it for sale in an underground forum. The data was apparently collected via an API that could be used without authentication. The records contain names, email addresses and other account information.
The ransomware group LockBit claims to have stolen hundreds of gigabytes of data from the fast food chain Subway. This apparently includes financial data, such as employee salaries and restaurant sales, as well as license and commission payments. As usual, the blackmailers are threatening to publish the data if their victim does not pay the ransom demanded by the beginning of February.
Best Practice, Defense & Mitigation
Ukrainian police, with the support of Europol, have arrested the alleged mastermind behind a large-scale cryptojacking campaign. The 29-year-old suspect is said to have compromised around 1,500 accounts of an e-commerce company and then misused its cloud resources to mine cryptocurrencies. In just over two years, he was able to mine cryptocurrencies worth around €1.8 million.
5,379 GitLab servers worldwide still suffer from a critical security vulnerability that allows attackers to hijack accounts using the password reset function without any user interaction. Although patches have been available for several weeks, there are still 730 vulnerable instances in Germany alone.
Things to know
Together with international partner authorities, the German Federal Office for Information Security (BSI) has published the guide "Engaging with Artificial Intelligence (AI)". This provides an overview of the challenges and threats associated with the use of artificial intelligence in companies. The guide also contains recommendations for the safe use of AI systems.