Trending Topics Cybersecurity – June 2023
SECURITY INSIGHTS | July 01, 2023
Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyber attacks, attack campaigns and more can be found here in a clearly arranged format.
Cybercriminals target vulnerabilities and assets that are lucrative – regardless of industry or company size. June saw a whole series of cyberattacks that support this thesis. At the very beginning of the month, the US hyperscaler Microsoft had to deal with outages of various cloud services. As the company subsequently announced, orchestrated DDoS attacks were responsible for the widespread outages of Teams, Outlook, Azure and other services. The attackers overloaded the group's server systems with a combination of different DDoS attack patterns, causing the outages. In the middle of the month, the municipality of Hülben in the district of Reutlingen in Baden-Württemberg also suffered an outage of its systems. It was triggered by a serious cyberattack that caused a two-week outage of the town hall's digital citizen services and electronic communications.
A broad DDoS attack campaign against cities, banks, airports, and rail network operators in Switzerland likewise targeted organizations of various sizes and types. According to the NCSC (National Cyber Security Center), the attackers belong to the "NoName057(16)" group. The online services of the international gaming group Activision Blizzard were also paralyzed by DDoS attacks. Customers were unable to log into games for hours. In addition, there were connection interruptions and performance problems.
Overall, the DDoS threat landscape has recently worsened massively, as scientific analyses by Lünendonk/KPMG and Verizon also show. According to these, DDoS attacks are currently perceived as the greatest risk by German IT executives. In particular, the number of attacks on web applications has increased enormously.
Cybercriminals used a multi-vector attack to cause outages of various cloud services of US hyperscaler Microsoft. According to the company, the attackers used combinations of HTTP(S) flood, cache bypass and Slowloris attacks to overload the systems. The web portals of the Azure cloud, Outlook, OneDrive and Teams were among those affected by the DDoS attack.
According to a recent study by Lünendonk and KPMG, DDoS attacks are perceived as the greatest security risk. This was the conclusion of the survey of executives from various sectors such as industry, financial services, chemicals & pharmaceuticals, energy, and telco & media.
The websites and online services of many Swiss cities, the federal administration, airports, and banks have fallen victim to a large-scale wave of DDoS attacks. According to the NCSC (National Cyber Security Center), the group "NoName057(16)" claimed responsibility for the attacks.
DDoS attacks on web applications are among the most common causes of cyber incidents, according to the latest Verizon Data Breach Investigations Report. Other takeaways from the report include that the majority of attackers are motivated by monetary interests and that most attacks are related to organized crime.
Critical vulnerabilities in MOVEit software allow attackers to steal corporate data. Hundreds of companies worldwide are suspected to be impacted by the zero-day exploits. In Germany, too, the vulnerabilities are said to have leaked data from many well-known companies, including: AOK, Barmer, EY, Siemens Energy, PwC and Verivox.
An international survey of CIOs and network engineers shows that the majority of companies regularly experience network outages. In Germany, 84% report at least one outage per quarter, with one in three CIOs (35%) expecting three to four interruptions.
Music streaming provider Spotify has been ordered to pay a fine of 58 million Swedish kronor (around 5 million euros) by the Swedish Data Protection Authority. According to the authority, the company failed to transparently inform customers about the use of personal data.
An orchestrated DDoS attack on the EIB caused outages of various websites of the bank. According to the British news portal "The Telegraph", the group "Killnet" is behind the attacks.
The IT infrastructures of the MDs of Lower Saxony and Bremen were attacked by cybercriminals. No data was reportedly accessed as a result of the incident. The attack was investigated by IT forensic experts to ensure the integrity of the systems. In the meantime, the MDs could be reached only to a limited extent by telephone, e-mail and fax.
The administrative systems of the municipality of Hülben (Reutlingen district, BW) have been down due to a cyberattack. The attack caused the town hall's digital citizen services and electronic communication with the municipality to be unavailable for around two weeks. According to the municipality, data was also leaked as a result of the incident.
Due to a severe ransomware attack, St. Margaret's Health hospital in Spring Valley, Illinois, was unable to request funds from insurance companies and government agencies for months. For financial reasons, the hospital management has now been forced to shut down operations.
The German Federal Office for Information Security (BSI) and leading municipal associations have launched the pilot project "Way to Basic Assurance" (WiBA) to improve IT security in municipalities. Three-day workshops will be held in May and June 2023 in six model municipalities to gather experience. The objective is to build an efficient and practical project to help all municipalities improve their protection measures.
Two people were arrested in a raid in Poland. They are alleged to have operated a platform for DDoS attack services since 2013. The servers of the service in question were taken offline. During the investigation, records were seized that contained information on more than 35,000 user accounts, 76,000 login credentials and 320,000 IP addresses of attacked systems.
The recent attacks on the administrative systems of the municipalities of Rastatt and Ludwigsburg show that the public sector is increasingly becoming the focus of criminals due to the intensified cyber threat situation. Investigative authorities such as the LKA's cybercrime department or the cybersecurity agency are therefore focusing on building preventive protective measures to identify affected systems as quickly as possible in the event of an emergency and to minimize the attack surface in the public sector.
Optimal availability and performance are the basic prerequisites for successful websites. In contrast, downtime of online services causes massive damage. In the Myra Fact Sheet on Downtime Minimization, IT managers learn how to protect their company from such damage.
The Myra App is getting a user interface (UI) redesign. Our development team is redesigning the UI of the entire application to make it even easier and more intuitive to use. The new design will be rolled out gradually in the near future.