Trending Topics Cybersecurity – March 2023

The top IT security topics in March

IT security trends

FBI: critical infrastructure was increasingly targeted by cybercriminals in 2022

Ransomware gangs broke into the networks of at least 860 critical infrastructure operators last year, according to the Federal Bureau of Investigation's (FBI) Internet Crime Report. However, since the FBI report only includes attacks reported to the Internet Crime Complaint Center (IC3), it is likely that the actual number is even higher.

Spear phishing: worrying increase in bill payments to fake accounts

Austrian IT security consultancy Certitude and CERT-AT warn of an increase in spear phishing: fraudsters try to divert bank transfers by social engineering via email. German and Austrian companies are particularly affected. 

More than 721 million passwords stolen last year

According to a study by cybercrime analytics provider SpyCloud, researchers discovered 721.5 million unprotected login credentials on the Internet last year. Many of these credentials were stolen from corporate applications using malware. Most critically, 72 percent of users affected by access data theft continue to use their compromised passwords.

Cybercriminals abuse hype around ChatGPT

The hype around ChatGPT has also drawn the attention of criminals to the AI tool: via a well-crafted copy of the official website, they offer a supposed desktop client for ChatGPT. However, the download is an archive with an executable file. Once the installation process is initiated, it terminates with an error message and a Trojan is installed in the background.

Cybercrime

Trojan in softphone app - BSI issues orange alert

"The IT threat situation is business critical. Massive impairment of regular operations." This means raising the IT threat level to "3 / Orange". Around 600,000 customers worldwide and 12 million daily users of the digitally signed softphone app 3CX are affected: Among other things, the malicious code contained reloads a so-called Infostealer from the Internet.

Due to ransomware attack: hospital must cancel hundreds of operations and thousands of examinations

The attack paralyzed Hospital Clinic de Barcelona's computers in its laboratories, emergency room and pharmacies in three main centers and several external clinics. As a result, 150 surgeries and 3,000 scheduled examinations had to be canceled. A spokesman said it was not yet possible to predict when the systems would be able to return to normal operation.

Municipal offices completely offline after cyber attack

Due to an attack, the offices of the city of Rastatt were temporarily unavailable by mail or telephone. It is not known who is behind the attack and whether there are any claims. External experts are currently trying to repair the damage and identify the culprit. They are also looking for possible security vulnerabilities.

German production plants in focus: cyber attack on building materials producer from Feldkirchen

Both Steico's production and administration were affected by the attack. The full extent of the attack is not yet known. It is also unclear whether it was extortion with ransomware.

German energy provider targeted by cybercriminals

The Karlsruhe municipal utility was the target of an attempted ransomware attack. In the first step, the cybercriminals read out the passwords of a high-ranking employee and spied out further data. However, they did not get any further: the malware was not able to spread and did not infiltrate the separated systems of the critical infrastructure, according to a spokesperson for the company.

Patient data published on the darknet

Criminals used malware to steal the data of 39 patients at Essen University Hospital and published it on the darknet. The data concerned the names and dates of birth of those affected; the health data itself was encrypted and did not provide any information about the illness.

Unscrupulous: patient images published on the darknet after ransomware attack

"Your time is running out. We are ready to unleash our full power against you!" That's the threat from the cybergang Alphv, which attacked Pennsylvania's Lehigh Valley Health Network (LVHN) with the ransomware Blackcat. Specifically, the threat is to publish sensitive stolen patient data, such as the nude pictures of breast cancer patients that have already been published on Alphv's darknet website.

Best practice, defense & mitigation

Cooperation agreement for higher cybersecurity levels and better resilience against cyberattacks

The German Federal Office for Information Security (BSI) and the state of Rhineland-Palatinate have signed a cooperation agreement. The goal is a close and trusting exchange on cybersecurity information and warnings. In addition, mutual job shadowing is planned. In addition to partnership support for incident reports, awareness lectures are also planned.

Cyberattack on administration in Rhine-Palatinate district: municipalities and state rely on prevention

Specialized cybercrime units, a working group of the ministry and top municipal associations, and a mobile response team (MIRT) for the state administration to strengthen cyber and information security: about five months after the attack on the administration of Rhine-Palatinate district, municipalities and the state government are gearing up for similar cases.

Perpetrators behind ransomware attack on Düsseldorf university hospital caught

Members of the "DoppelPaymer" group were arrested by the North Rhine-Westphalia State Criminal Police Office in cooperation with the Ukrainian police. The operation targeted suspected members and was supported by the European police agency Europol as well as the FBI and Dutch police.

NIST updates Cybersecurity Framework

The U.S. Institute of Standards and Technology (NIST) is responding to constant changes in the IT attack landscape: version 2.0 of the Cybersecurity Framework is designed to provide updated guidance and best practices against cybercrime to businesses and critical infrastructure.

Baits for cybercriminals: U.K. National Crime Agency operates with fake "DDoS-for-hire sites"

The operation is part of an ongoing international collaboration called "Operation PowerOFF" aimed at disrupting criminal DDoS-for-hire infrastructures worldwide. It involves authorities from the U.S., the Netherlands, Germany and Poland, as well as the European police agency Europol.

IT security is a matter for the boss: BSI updates security manual

It won't work without backing from the boardroom: The "Management of Cyber Risks" handbook is designed to help communicate the importance of IT security at the executive level and integrate it into the risk management strategy. The German Federal Office for Information Security (BSI) developed the handbook together with the Internet Security Alliance (ISA).

Things to know

NIS-2 is coming: new regulations for German companies

The new NIS-2 directive means that more companies count as critical infrastructures (KRITIS). In Germany alone, their number will increase tenfold. Across Europe, an estimated 100,000 companies will be added. At the same time, NIS-2 significantly tightens the regulatory requirements for IT security and introduces stricter sanction measures. The new regulations must be implemented at the national level by fall 2024.