Trending Topics Cybersecurity – March 2024

SECURITY INSIGHTS | April 01, 2024

Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyberattacks, attack campaigns and more can be found here in a clearly arranged format.

Public authorities and private companies are increasingly being targeted by cyber criminals due to geopolitical events. While organizations from Switzerland, Finland, Sweden and Germany have been affected by waves of attacks in recent months, attackers targeted French government websites in March.

The French authorities were confronted with cyber attacks of "unprecedented intensity", according to the office of Prime Minister Gabriel Attal. A special crisis unit was set up by the government to initiate appropriate countermeasures. The cyber group Anonymous Sudan is believed to be behind the attacks. The criminals claim to have paralyzed around 17,000 IP addresses and devices as well as more than 300 domains with their DDoS attacks.

Meanwhile, there are growing signs of shortcomings in the protection of municipal administration IT in Germany. After Germany's first cyber disaster was declared in 2021 following a ransomware infection on the systems of the district of Anhalt-Bitterfeld, the administration has now communicated the concrete damage assessment. According to the report, the damage amounts to 2.5 million euros.

The impact of the attack on the IT service provider Südwestfalen-IT, which affected the administrative systems of over 70 affiliated local authorities last year, is likely to be similarly severe. As a result, more than half of all local authorities in North Rhine-Westphalia are now having their systems checked for potential vulnerabilities.

In Saxony-Anhalt, a report by the State Court of Audit also reveals serious weaknesses in IT security in the municipal sector. According to the report, many local authorities have neither an IT security concept nor emergency manuals or data backup concepts.

The top IT security topics in March:

IT security trends

eco IT security survey 2024: DDoS threat increases

A survey conducted by the German Association of the Internet Industry (eco) revealed that one in five companies in Germany recorded a serious security incident in the past 12 months. DDoS attacks were cited as the cause in most cases. Overall, the threat situation from overload attacks has worsened considerably in recent months. The number of DDoS security incidents even exceeds the number of ransomware infections reported in the period under review.

Security incidents at Microsoft: US authorities switch providers

After attackers managed to infiltrate the systems of hyperscaler Microsoft several times in recent months, US authorities are now apparently turning to alternative providers. The security incidents affected customer accounts as well as the accounts of Microsoft employees and management.

Cyber extortion: Every second German company pays a ransom

The increasing professionalization of cyber criminals can be seen in concrete figures: as a recent SoSafe study shows, on average every second company in Germany (45 percent) pays a ransom to cyber extortionists. For companies with 1,000 employees or fewer, the proportion was as high as 55 percent.

US cloud usage: EU Commission violates data protection directive

The European Data Protection Supervisor (EDPS) announced in a press release that the EU Commission had not sufficiently secured personal data in the context of the use of Microsoft 365. The Commission now has until December 9 to prove that no more data flows to the software company or subcontractors and processors in non-EU countries when using the cloud solution.

ChatGPT, Copilot and co: espionage with man-in-the-middle attacks possible

Spying on AI: IT security researchers have succeeded in spying on conversations with common large language models (LLMs) using man-in-the-middle attacks and specially trained LLMs.

Cybercrime

White House: Warning of cyberattacks on water suppliers

In a letter to the federal states, the US government has warned against cyber attacks on water supply facilities and advised them to take appropriate defensive measures. According to the letter, attacks by political actors in the past have already shown how vulnerabilities are systematically scouted out and exploited.

Swiss government data published on the darknet

In an attack on a Swiss government IT service provider in 2023, around 65,000 relevant data records were leaked onto the darknet – including around 5,000 records containing sensitive data such as classified information, passwords, names, email addresses, telephone numbers and addresses. The cyber group Play was responsible for the ransomware attack.

Phishing campaign in the name of the IHK targets German companies

The German Chamber of Industry and Commerce (DIHK) warns of a large-scale phishing campaign targeting organizations in Germany. Cyber criminals are trying to obtain sensitive data with phishing emails and a specially prepared website in the design of the IHK.

International Monetary Fund (IMF) email accounts compromised

A cyberattack on the IMF's systems has led to the infiltration of email accounts in a Microsoft 365 environment. The organization's management is not believed to have been affected by the attack. No further details about the incident were communicated.

Best Practice, Defense & Mitigation

Following the attack on Südwestfalen-IT: hundreds of local authorities put IT security to the test

The ransomware attack on the service provider Südwestfalen-IT led to outages at over 70 connected municipalities last year. Now more than half of all local authorities in North Rhine-Westphalia are having their IT security checked. The costs are borne by the state government. The aim is to increase the level of security in all local authorities.

BaFin urges security: Supervisory authority receives daily reports of cyber attacks

At the Handelsblatt conference on banking supervision, Raimund Röseler spoke out in favor of better protection for banking IT. "Anyone who thinks they have all risks under control is almost certainly wrong," said the BaFin Executive Director. For this reason, BaFin wants to increase its activities in monitoring IT risks – particularly in the area of risk management.

Investigating authorities strike a blow against Crimemarket

Law enforcement authorities led by the Central and Contact Point Cybercrime North Rhine-Westphalia (ZAC NRW) have seized the illegal trading platform Crimemarket. In the past, "narcotics, criminal services, but also detailed instructions for serious crimes were sold" via the service.

Massive wave of DDoS attacks hits French administration

Cyber criminals have hit large parts of the French administration with a massive wave of DDoS attacks. Myra security expert Rebecca Roche explains in an interview how administrative authorities can protect themselves against such attacks and what to do in an emergency.

Things to know

Saxony-Anhalt: IT security in local authorities is worrying

A report by the Saxony-Anhalt State Court of Audit and research by MDR indicate serious shortcomings in IT security in local authorities. According to the report, 9 out of 10 local authorities have no IT security concept, 7 out of 10 have no emergency manual and around half of them have no concept for minimal data backup.

EU Parliament: Cyber Resilience Act adopted

The "EU Regulation on horizontal cybersecurity requirements for products with digital elements – Cyber Resilience Act (CRA)" has been adopted by the European Parliament. The regulation now only needs to pass through the EU Council before it can enter into force. The CRA aims to sustainably increase the security of digital products.

Cyber disaster in Anhalt-Bitterfeld cost €2.5 million

On request, the administration of the Anhalt-Bitterfeld district has now communicated the specific damage incurred in connection with the cyberattack in 2021. The ransomware infection cost the district around €2.5 million. The damage is made up of expenses for setting up new infrastructure, data recovery, the purchase of new servers, storage media and laptops as well as new software.
