Trending Topics Cybersecurity – September 2024

SECURITY INSIGHTS | October 01, 2024

Myra's monthly security highlights provide IT decision-makers and security professionals with the most relevant topics from the world of cybersecurity. Current trends, defense strategies and news on cyber attacks, attack campaigns and more can be found here in a clearly arranged format.

On September 16, the Austrian Computer Emergency Response Team (CERT.at) warned of a large-scale DDoS attack campaign against authorities and organizations in the country. The attacks were directed against various sectors and were presumably motivated by hacktivism.

The websites of ministries, administrative authorities, energy suppliers, public transport systems and political parties were particularly affected. The attacks led to temporary outages at several high-profile targets, including the websites of the ÖVP and SPÖ parties, the Ministry of Defense, the Austrian Court of Audit and the Public Employment Service (AMS), according to media reports.

Thanks to Myra's defense systems, a central state authority was able to fend off a 24-hour attack without any consequences. This underlines the importance of robust protective measures against DDoS attacks. The Austrian Ministry of the Interior confirmed that the attacks have been ongoing since mid-September.

The wave of DDoS attacks in Austria reflects a Europe-wide trend. According to the latest “Threat Landscape 2024” report by the European Union Agency for Cybersecurity (ENISA), DDoS attacks have become the biggest threat in the EU, accounting for 46.3% of all cyberattacks, followed by ransomware at 27.3%. The public sector, transportation and the financial sector are particularly affected.

Exploding costs due to cybercrime

The intensification of the threat situation can also be seen in the increase in losses. The German Federal Criminal Police Office (BKA) has recorded an alarming increase in damage caused by organized cybercrime. The amount of damage has almost tripled compared to the previous year, reaching €1.7 billion. This means that cybercrime accounts for almost two thirds of the total damage caused by organized crime, which amounts to €2.7 billion – more than twice as much as in the previous year. BKA President Holger Münch emphasizes: “The fight against organized crime remains a central focus of our work. It causes a great deal of damage and poses a considerable threat to the state, the economy and society through influence peddling and violence.”

The German Insurance Association (GDV) reports a similar trend. According to the GDV, the number of reported cyberattacks rose by 19% to around 4,000 cases in 2023. The insurance companies made payments of around €180 million for this, which corresponds to an increase of 50% compared to the previous year. The average loss per attack amounted to €45,370.

The Top IT Security Topics in September:

IT security trends

Wave of DDoS attacks on authorities and companies in Austria

On September 16, CERT.at warned of a large-scale DDoS attack campaign on authorities and organizations in Austria. The politically motivated attackers were apparently systematically attempting to paralyze official and institutional online presences. An important state authority defended itself with the help of Myra's protection systems, so that a 24-hour attack had no impact.

ENISA: DDoS replaces ransomware as the biggest cyber threat in Europe

Almost half (46.3%) of all cyberattacks in the European Union are DDoS attacks, followed by ransomware with 27.3%. The public sector, transportation and the financial sector are particularly frequently attacked. This is according to the “Threat Landscape 2024” report from the European Union Agency for Cybersecurity (ENISA).

Cybercrime is causing record losses

According to the German Federal Criminal Police Office (BKA), the amount of damage caused by organized cybercrime almost tripled last year, from €588 million to €1.7 billion. This means that cybercrime accounts for almost two thirds of the total damage caused by organized crime, which more than doubled to €2.7 billion and reached a new high.

LSI report: 5,200+ attacks on Bavaria's public network stopped

The Bavarian State Office for Information Security (LSI) registered more than 5,200 anomalies and attacks on the Bavarian government network last year. Around 3,000 of these could have led to serious consequences, according to the latest LSI status report on cybersecurity. However, in none of these cases did the attackers succeed in compromising a system in the government network “in a sustainably critical manner”. According to the state government, however, the danger is increasing.

GDV: Cyberthreat situation in Germany is escalating

As reported by the German Insurance Association (GDV), the number of cyberattacks in Germany rose by 19% to around 4,000 reported cases in 2023. Insurers paid out around €180 million for this, which corresponds to an increase of 50% compared to the previous year. The average loss per attack amounted to €45,370, an increase of 8% compared to the previous year.

Cybercrime

Surgeries canceled: cyberattack on Wertach hospitals

The Wertach hospitals in Bavaria have been the victim of a cyberattack that blocked the main IT system. Planned operations were canceled as a precautionary measure and the clinics are working to restore smooth operations. The relevant authorities have begun an investigation.

Critical infrastructure: German ports increasingly targeted by cybercriminals

German ports are recording an increase in cyberattacks. “The HPA is registering many attacks on critical infrastructure,” said the Hamburg Port Authority (HPA). The port authority is working with partner ports such as Barcelona, Singapore, and Los Angeles to defend against the attacks, according to the authority. It is important that everyone involved in the supply chain protects themselves and learns from each other.

German air traffic control affected by cyberattack

German Air Navigation Services (DFS) has been the target of a cyberattack. According to DFS, this led to disruptions to the “administrative IT infrastructure”, i.e. office communication. However, air traffic in Germany was not affected at any time.

Cyberattack on US financial services provider MoneyGram

The US financial services provider MoneyGram has been the victim of a cyberattack. Due to the incident, the digital services for international money transfers had to be shut down as a precautionary measure. MoneyGram is working with external cybersecurity expert teams to secure the affected systems. In addition, investigations by law enforcement authorities are already underway.

Schumag affected by cyberattack

Schumag, a German manufacturer of machines and systems, has been hit by a cyberattack. Due to the incident, the company had to cancel its planned Annual General Meeting at short notice. According to the company, it is not yet possible to assess the consequences and damage of the cyberattack.

Critical data breaches at Check24 and Verivox

Security vulnerabilities in the systems of the price comparison portals Check24 and Verivox allowed an unauthorized person to access sensitive customer data, including name, address, income, number of children and the user's employment relationship. The number of people affected is currently unknown. According to the whistleblower who reported the breach, 75,000 data records were accessible in the case of Verivox.

Best Practice, Defense & Mitigation

FBI shuts down botnet

The FBI has shut down a botnet with more than 200,000 home devices in the US and worldwide. The infected devices, including Wi-Fi routers, IP cameras and NAS devices from manufacturers such as Asus, DrayTek and Synology, were misused for malicious activities. According to the authority, the botnet operators carried out DDoS attacks during the shutdown operation in an attempt to prevent the malware installed on the end devices from being deactivated.

Europol closes down phishing platform iServer

Europol has shut down an international phishing platform called iServer, which had been active since 2018 and was responsible for over 483,000 victims worldwide. The platform enabled criminals to unlock stolen or lost cell phones. Authorities from Spain, Argentina, Chile, Colombia, Ecuador, and Peru were involved in the investigation. The operation led to 17 arrests, 28 searches and the seizure of 921 items, including cell phones, electronic devices, vehicles, and weapons.

Another success: Nationwide Warning Day 2024

The nationwide Warning Day 2024 took place on September 12 to test the warning systems in Germany. The warnings were successfully sent out via various channels such as cell broadcasts, sirens and warning apps. Ralph Tiesler, President of the Federal Office of Civil Protection and Disaster Assistance (BBK), was satisfied with how the warning day went: “According to the information I have so far, today's nationwide warning day was another success! As planned, we reached the population with a wide range of warning resources.”

Things to know

Serious disruption for the economy: impact analysis of the CrowdStrike disaster

On July 19, a faulty update of the CrowdStrike cyber security solution resulted in a series of IT failures across multiple global locations. A joint analysis of the incident by the industry association Bitkom and the German Federal Office for Information Security (BSI) revealed that 62% of affected companies in Germany had to address direct consequences on servers, PCs, and other endpoints. Additionally, 48% of companies experienced indirect effects, such as the failure of service partners or digital services. Around one in two companies (48%) had to temporarily shut down operations, with an average duration of 10 hours.

NIST updates guidelines for password management

In its latest guidelines for password management (SP 800-63-4), the National Institute of Standards and Technology (NIST) recommends in particular the use of long passwords (up to 64 characters), as these are difficult to crack using brute-force methods. Strict password complexity requirements, on the other hand, are discouraged, as they often only lead users to choose easy-to-guess passwords, write them down in easy-to-find places or reuse them across different accounts. Regular password changes are also discouraged.
