Trending Topics Cybersecurity – March 2023

SECURITY INSIGHTS | April 03, 2023

Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyber attacks, attack campaigns and more can be found here in a clearly arranged format.

Public administration is still one of the preferred targets of cybercriminals. Most recently, the authorities of the city of Rastatt were hit by an attack and, as a result, could not be reached by email or telephone. In the meantime, federal states and municipalities have moved to actively "fight back": More and more initiatives with the slogan "Prevention against cyber attacks" are being founded. In Rhineland-Palatinate, for example, there are now specialized cybercrime units, a working group of the ministry and the leading municipal associations, and a mobile response team (MIRT) for the state administration to strengthen cyber and information security.

Particularly in the healthcare sector, data requiring special protection is handled daily, and its sensitivity makes it exceedingly attractive to cybercriminals. For example, Hospital Clinic de Barcelona recently had to cancel 150 surgeries and close to 3,000 scheduled examinations due to a ransomware attack. Cybercriminals are also becoming increasingly unscrupulous in their attacks: For example, the cybergang Alphv posted nude pictures of breast cancer patients on its darknet website. This was preceded by an attack on the Lehigh Valley Health Network (LVHN) in Pennsylvania. German institutions were also affected: Criminals used malware to capture the data of 39 patients at Essen University Medical Center and published it on the darknet.

This and other important news, developments and insights from IT security can be found in the following overview.

The top IT security topics in March

IT security trends

FBI: critical infrastructure was increasingly targeted by cybercriminals in 2022

Ransomware gangs broke into the networks of at least 860 critical infrastructure operators last year, according to the Federal Bureau of Investigation's (FBI) Internet Crime Report. However, since the FBI report only includes attacks reported to the Internet Crime Complaint Center (IC3), it is likely that the actual number is even higher.

Spear phishing: worrying increase in bill payments to fake accounts

Austrian IT security consultancy Certitude and CERT-AT warn of an increase in spear phishing: fraudsters try to divert bank transfers by social engineering via email. German and Austrian companies are particularly affected. 

More than 721 million passwords stolen last year

According to a study by cybercrime analytics provider SpyCloud, researchers discovered 721.5 million unprotected login credentials on the Internet last year. Many of these credentials were stolen from corporate applications using malware. Most critically, 72 percent of users affected by access data theft continue to use their compromised passwords.

Cybercriminals abuse hype around ChatGPT

The hype around ChatGPT has also drawn the attention of criminals to the AI tool: via a well-crafted copy of the official website, they offer a supposed desktop client for ChatGPT. However, the download is an archive with an executable file. Once the installation process is initiated, it terminates with an error message and a Trojan is installed in the background.

Trojan in softphone app - BSI issues orange alert

"The IT threat situation is business critical. Massive impairment of regular operations." This means the IT threat level has been raised to "3 / Orange". Around 600,000 customers worldwide and 12 million daily users of the digitally signed softphone app 3CX are affected: Among other things, the malicious code it contains downloads a so-called infostealer from the Internet.

Due to ransomware attack: hospital must cancel hundreds of operations and thousands of examinations

The attack paralyzed Hospital Clinic de Barcelona's computers in its laboratories, emergency room and pharmacies in three main centers and several external clinics. As a result, 150 surgeries and 3,000 scheduled examinations had to be canceled. A spokesman said it was not yet possible to predict when the systems would be able to return to normal operation.

Municipal offices completely offline after cyber attack

Due to an attack, the offices of the city of Rastatt were temporarily unavailable by email or telephone. It is not known who is behind the attack and whether there are any claims. External experts are currently trying to repair the damage and identify the culprit. They are also looking for possible security vulnerabilities.

German production plants in focus: cyber attack on building materials producer from Feldkirchen

Both Steico's production and administration were affected by the attack. The full extent of the attack is not yet known. It is also unclear whether it was extortion with ransomware.

German energy provider targeted by cybercriminals

The Karlsruhe municipal utility was the target of an attempted ransomware attack. As a first step, the cybercriminals obtained the passwords of a high-ranking employee and spied out further data. However, they did not get any further: the malware was not able to spread and did not infiltrate the separated systems of the critical infrastructure, according to a spokesperson for the company.

Patient data published on the darknet

Criminals used malware to steal the data of 39 patients at Essen University Hospital and published it on the darknet. The data concerned the names and dates of birth of those affected; the health data itself was encrypted and did not provide any information about the illness.

Unscrupulous: patient images published on the darknet after ransomware attack

"Your time is running out. We are ready to unleash our full power against you!" That's the threat from the cybergang Alphv, which attacked Pennsylvania's Lehigh Valley Health Network (LVHN) with the ransomware Blackcat. Specifically, the threat is to publish sensitive stolen patient data, such as the nude pictures of breast cancer patients that have already been published on Alphv's darknet website.

Best practice, defense & mitigation

Cooperation agreement for higher cybersecurity levels and better resilience against cyberattacks

The German Federal Office for Information Security (BSI) and the state of Rhineland-Palatinate have signed a cooperation agreement. The goal is a close and trusting exchange on cybersecurity information and warnings. Mutual job shadowing is also planned, as are partnership support for incident reports and awareness lectures.

Cyberattack on administration in Rhine-Palatinate district: municipalities and state rely on prevention

Specialized cybercrime units, a working group of the ministry and top municipal associations, and a mobile response team (MIRT) for the state administration to strengthen cyber and information security: about five months after the attack on the administration of Rhine-Palatinate district, municipalities and the state government are gearing up for similar cases.

Perpetrators behind ransomware attack on Düsseldorf university hospital caught

Members of the "DoppelPaymer" group were arrested by the North Rhine-Westphalia State Criminal Police Office in cooperation with the Ukrainian police. The operation targeted suspected members and was supported by the European police agency Europol as well as the FBI and Dutch police.

NIST updates Cybersecurity Framework

The U.S. Institute of Standards and Technology (NIST) is responding to constant changes in the IT attack landscape: version 2.0 of the Cybersecurity Framework is designed to provide updated guidance and best practices against cybercrime to businesses and critical infrastructure.

Baits for cybercriminals: U.K. National Crime Agency operates with fake "DDoS-for-hire sites"

The operation is part of an ongoing international collaboration called "Operation PowerOFF" aimed at disrupting criminal DDoS-for-hire infrastructures worldwide. It involves authorities from the U.S., the Netherlands, Germany and Poland, as well as the European police agency Europol.

IT security is a matter for the boss: BSI updates security manual

It won't work without backing from the boardroom: The "Management of Cyber Risks" handbook is designed to help communicate the importance of IT security at the executive level and integrate it into the risk management strategy. The German Federal Office for Information Security (BSI) developed the handbook together with the Internet Security Alliance (ISA).

Things to know

NIS-2 is coming: new regulations for German companies

The new NIS-2 directive means that more companies count as critical infrastructures (KRITIS). In Germany alone, their number will increase tenfold. Across Europe, an estimated 100,000 companies will be added. At the same time, NIS-2 significantly tightens the regulatory requirements for IT security and introduces stricter sanction measures. The new regulations must be implemented at the national level by fall 2024.
