Trending Topics Cybersecurity – June 2023

Cybercriminals target vulnerabilities and assets that are lucrative – regardless of industry or company size. June saw a whole series of cyberattacks that support this thesis. Already at the beginning of the month, the US hyperscaler Microsoft had to deal with outages of various cloud services. As the company subsequently announced, orchestrated DDoS attacks were responsible for the widespread outages of Teams, Outlook, Azure, and Co. The attackers had overloaded the group's server systems with a combination of different DDoS attack patterns, provoking the outages. In the middle of the month, the municipality of Hülben in the district of Reutlingen in Baden-Württemberg also suffered an outage of its systems. It was triggered by a serious cyberattack that caused a two-week outage of the town hall's digital citizen services and electronic communications.

More attacks, more complexity: intensified DDoS threat level

Also targeting organizations of various sizes and types was a broad DDoS attack campaign against cities, banks, airports, and rail network operators in Switzerland. According to the NCSC (National Cyber Security Center), the attackers belong to the "NoName057(16)" group. The online services of the international gaming group Activision Blizzard were also paralyzed by DDoS attacks. Customers were unable to log into games for hours. In addition, there were connection interruptions and performance problems.

Overall, the DDoS threat landscape has worsened massively recently, as scientific analyses by Lünendonk/KPMG and Verizon also show. According to these, DDoS attacks are currently perceived as the greatest risk by German IT executives. In particular, the number of attacks on web applications has increased enormously.

The top IT security topics in June

IT security trends

DDoS attack cripples Microsoft services

Cybercriminals have used a multi-vector attack to cause outages to various cloud services of US hyperscaler Microsoft. According to the company, the attackers used combinations of HTTP(S) flood, cache bypass and Slowloris attacks to overload the systems. The web portals of the Azure cloud, Outlook, Onedrive and Teams were among those affected by the DDoS attack.

Lünendonk/KPMG: DDoS dominates IT risk assessments

According to a recent study by Lünendonk and KPMG, DDoS attacks are perceived as the greatest security risk. This was the conclusion of the survey of executives from various sectors such as industry, financial services, chemicals & pharmaceuticals, energy, and telco & media.

Wave of DDoS attacks on Swiss cities, federal administration, airports, and banks

The websites and online services of many Swiss cities, the federal administration, airports, and banks have fallen victim to a large-scale wave of DDoS attacks. According to the NCSC (National Cyber Security Center), the group "NoName057(16)" claimed responsibility for the attacks.

Attacks on web applications are on the rise

DDoS attacks on web applications are among the most common causes of cyber incidents, according to the latest Verizon Data Breach Investigations Report. Other takeaways from the report include that the majority of attackers are motivated by monetary interests and that most attacks are related to organized crime.

Companies affected worldwide: Zero-day exploits in MOVEit data transfer software.

Critical vulnerabilities in MOVEit software allow attackers to steal corporate data. Hundreds of companies worldwide are suspected to be impacted by the zero-day exploits. In Germany, too, the vulnerabilities are said to have leaked data from many well-known companies, including: AOK, Barmer, EY, Siemens Energy, PwC and Verivox.

Network outages: 9 out of 10 companies are affected by downtime at least once a quarter

An international survey of CIOs and network engineers shows that the majority of companies regularly experience network outages. In Germany, 84% report at least one outage per quarter, with one in three CIOs (35%) expecting three to four interruptions.

GDPR: Streaming service fined millions

Music streaming provider Spotify has been ordered to pay a fine of 58 million Swedish kronor (around 5 million euros) by the Swedish Data Protection Authority. According to the authority, the company failed to transparently inform customers about the use of personal data.

Cybercrime

DDoS Attack on European Investment Bank (EIB)

An orchestrated DDoS attack on the EIB caused outages of various websites of the bank. According to the British news portal "The Telegraph", the group "Killnet" is behind the attacks.

Cyberattacks on medical services (MD) of Lower Saxony and Bremen.

The IT infrastructures of the MDs of Lower Saxony and Bremen were attacked by cyber criminals. No data was reportedly accessed as a result of the incident. The attack was investigated by IT forensic experts to ensure the integrity of the systems. Meanwhile, it was therefore only possible to reach the MDs by telephone, e-mail and fax to a limited extent.

Cyberattack on municipality in Baden-Württemberg

The administrative systems of the municipality of Hülben (Reutlingen district, BW) have been down due to a cyberattack. The attack caused the town hall's digital citizen services and electronic communication with the municipality to be unavailable for around two weeks. Data was also reportedly leaked as a result of the incident, according to the municipality.

U.S. clinic forced to close after cyberattack

Due to a severe ransomware attack, St. Margaret's Health hospital in Spring Valley, Illinois, was unable to request funds from insurance companies and government agencies for months. For financial reasons, the hospital management has now been forced to shut down operations.

Best practice, defense & mitigation

BSI pilot project launched for IT security in municipalities

The German Federal Office for Information Security (BSI) and leading municipal associations have launched the pilot project "Way to Basic Assurance" (WiBA) to improve IT security in municipalities. Three-day workshops will be held in May and June 2023 in six model municipalities to gather experience. The objective is to build an efficient and practical project to help all municipalities improve their protection measures.

International investigators take DDoS-as-a-service provider offline

Two people were arrested in a raid in Poland. They are alleged to have operated a platform for DDoS attack services since 2013. The servers of the service in question were taken offline. During the investigation, records were seized that contained information on more than 35,000 user accounts, 76,000 login credentials and 320,000 IP addresses of attacked systems.

Preventive protection required: Local authorities targeted

The recent attacks on the administrative systems of the municipalities of Rastatt and Ludwigsburg show that the public sector is increasingly becoming the focus of criminals due to the intensified cyber threat situation. Investigative authorities such as the LKA's cybercrime department or the cybersecurity agency are therefore focusing on building preventive protective measures to identify affected systems as quickly as possible in the event of an emergency and to minimize the attack surface in the public sector.

Things to know

How to avoid downtime: identify and fix the 9 most common causes.

Optimal availability and performance are the basic prerequisites for successful websites. In contrast, downtime of online services causes massive damage. In the Myra Fact Sheet on Downtime Minimization, IT managers learn how to protect their company from such damage.

Myra App: New user interface design optimizes operation and functionality

The Myra App is getting a user interface (UI) redesign. Our development team is redesigning the UI of the entire application to make it even easier and more intuitive to use. The new design will be rolled out gradually in the near future.