Trending Topics Cybersecurity – May 2024

SECURITY INSIGHTS | June 01, 2024

Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyberattacks, attack campaigns and more can be found here in a clearly arranged format.

The cybersecurity situation for public institutions and authorities has deteriorated dramatically in recent months. According to BSI President Claudia Plattner, we are in a "worrying threat situation" exacerbated by an "unholy alliance" between organized crime and state-sponsored or tolerated threat actors, making it increasingly difficult to distinguish between financially and politically motivated attacks.

The German Federal Criminal Police Office confirms this trend, reporting a 28% increase in cybercrime offenses committed from abroad, with the public sector increasingly targeted by DDoS attacks and other threats. The Baden-Württemberg Cybersecurity Agency even reports a 478% increase in IT security incidents, underscoring the tense situation.

Internationally, concerns are also growing: A survey of IT security officers found that 70% fear their organizations could fall victim to a major cyberattack in the coming year. Particularly alarming is that 43% of CISOs surveyed say they are not adequately prepared for such attacks.

These developments show that federal, state, and local governments are increasingly targeted by cybercriminals. The threat is multifaceted and requires a comprehensive and coordinated response to ensure the security of critical infrastructure and sensitive data.

The top IT security topics in May:

IT security trends

“BKA-Bundeslagebild”: Public sector under DDoS attacks

According to the German Federal Criminal Police Office's report “Bundeslagebild Cybercrime 2023”, the number of recorded cybercrimes remains at a “high level”. The number of cybercrime offenses committed from abroad increased by 28%. According to Federal Minister of the Interior Nancy Faeser, cybercrime is one of the most relevant areas of crime. Public administrations and authorities are increasingly the focus of DDoS attacks and other threats.

CSBW reports significant increase in cyberattacks on public institutions

The Cybersecurity Agency Baden-Württemberg (CSBW) has published its second annual report and warned of a tense cybersecurity situation in the federal state. Overall, the number of reported IT security incidents and security-related events increased by 478%.

International survey: CISOs increasingly worried

According to an international CISO survey, 70% of all IT security managers fear that their organizations could fall victim to a serious cyberattack in the coming year. In addition, 43% of those surveyed stated that their company was not sufficiently prepared for such an attack. In addition to ransomware and DDoS attacks, the CISOs surveyed are most concerned about email fraud and compromised cloud accounts.

IT Security Congress: BSI President warns of "worrying threat situation"

At the 20th IT Security Congress in Bonn, BSI President Claudia Plattner explained that the current cyber threat situation remains worrying. This is also due to an "unholy alliance" between profit-oriented organized gang crime and state support or toleration. This makes it increasingly difficult to distinguish between financially and politically motivated attacks.

Authority takes legal action against cloud provider: BSI demands information

The BSI is demanding information from Microsoft about the security incidents last year in which state hackers stole data, including the master key of the Azure cloud. Microsoft's hesitant communication has now led to escalation. The BSI is invoking Section 7a of the BSI Act to force the release of the information. The authority criticizes inadequate security measures in connection with the case and points to the better preparation of other providers.

Cybercrime

Cyberattack on Christie's auction house takes down website

The auction house Christie's was the target of a hacker attack shortly before important art auctions in New York, which paralyzed the website for days. One auction had to be postponed as a result of the incident. According to media reports, Christie's suffered a cyber incident just last year, when image data from consignors containing sensitive GPS data on the locations of various works of art was lost.

Data leak at KJF Augsburg: Attackers steal sensitive data

Cybercriminals have infiltrated the IT systems of the Catholic Youth Welfare Service of the Diocese of Augsburg (KJF). The attackers gained access to personnel, financial, patient and health data. KJF operates more than 80 hospitals and social facilities, including the largest maternity clinic in the region.

Europol forum offline after hacker attack

The “Europol for Experts” (EPE) forum has been taken offline after an unauthorized actor gained access and apparently stole data. A darknet provider is allegedly selling stolen documents from the forum, including manuals for investigators. Europol confirms the incident, but states that no “data on operations” was stolen.

Cyberattack on British Ministry of Defense

Unknown persons have penetrated the payroll system of the British armed forces and accessed the personal data of almost 270,000 current and former military personnel. The compromised information includes names, bank details and, in some cases, private addresses. The affected database was subsequently taken offline.

Metadata from Bundeswehr Webex conferences was available online for months

According to information from Zeit Online, the dates, topics and participants of Bundeswehr Webex conferences were openly available online for months. Due to a security vulnerability, outsiders were able to view the metadata of at least 6,000 meetings, some of which were even classified as “classified information – for official use only”. Due to the consecutive numbering of the Webex meetings, the corresponding IP address was apparently easy to guess.

Cyberattack on SPD: General Secretary's email inbox affected

As the German Federal Ministry of the Interior has now confirmed, the SPD party headquarters was attacked at the end of 2022 via a security vulnerability in the Outlook email program. According to Spiegel research, a mailbox belonging to SPD General Secretary Kevin Kühnert was also affected. The attack was apparently part of a larger campaign by the group APT 28 aka Fancy Bear, which the Federal Office for the Protection of the Constitution attributes to the Russian military intelligence service GRU.

Cyberfraud is growing rapidly

The number of cyberfraud cases in online retail is increasing worldwide, while the growth of online retail itself is slowing down. This is the result of a study by LexisNexis Risk Solutions. According to the study, human-initiated attacks on e-commerce transactions rose by 59% last year, while the number of online purchases only increased by 7%. The takeover of online accounts using stolen access data is the most common attack method.

Best Practice, Defense & Mitigation

Hamburg Airport blocks cyber attackers

The cyber group Just Evil/Kill Milk targeted Hamburg Airport's systems over the Whitsun weekend – without success. “The attack by the Kill Milk/Just Evil group was repelled and no security-relevant information was stolen,” explained the airport operator in response to a press inquiry.

FBI takes BreachForums offline

The FBI, in cooperation with international investigative authorities, has shut down the website and Telegram channel of the ransomware brokering portal BreachForums. The marketplace was used by cybercriminals to trade contraband – including stolen access devices, identifiers, hacking tools, manipulated databases and other illegal services.

Things to know

What is mTLS?

mTLS is a method for mutual authentication via network connections. The abbreviation mTLS stands for “mutual TLS”. mTLS ensures the authenticity and integrity of the connecting parties at both ends of network connections via X.509 certificates. Technologically, the method is based on the TLS (Transport Layer Security) encryption protocol.
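What turns ordinary TLS into mTLS on the server side is requiring and verifying a client certificate. The following added example (not part of the original article) uses Python's standard `ssl` module to build a server context and audit it for the common misconfigurations; the function names, finding labels and file-path parameters are assumptions chosen for illustration.

```python
import ssl


def build_server_context(cert_file=None, key_file=None,
                         client_ca_file=None, mutual=True):
    """Build a server-side TLS context. All paths are hypothetical and
    supplied by the caller; nothing is read from disk when they are None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        # The server's own X.509 identity (present in one-way TLS as well).
        ctx.load_cert_chain(cert_file, key_file)
    if mutual:
        # The mTLS part: the handshake fails unless the client presents
        # a certificate that chains to a trusted CA.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if client_ca_file:
            # The CA that issues client certificates.
            ctx.load_verify_locations(cafile=client_ca_file)
    return ctx


def audit_mtls(ctx):
    """Return findings that mean the context does not enforce mTLS."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        # Default for server contexts: only the server is authenticated.
        findings.append("client-cert-not-requested")
    elif ctx.verify_mode == ssl.CERT_OPTIONAL:
        # Clients without a certificate still complete the handshake.
        findings.append("client-cert-optional")
    elif ctx.cert_store_stats()["x509_ca"] == 0:
        # CERT_REQUIRED with an empty trust store rejects every client.
        findings.append("no-client-ca-loaded")
    return findings


if __name__ == "__main__":
    print(audit_mtls(build_server_context(mutual=False)))
    print(audit_mtls(build_server_context(mutual=True)))
```

An empty findings list requires `CERT_REQUIRED` plus at least one CA certificate loaded for verifying clients.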
