Select Page
Back to overview

Myra’s monthly security highlights present IT decision-makers and security specialists with the most relevant topics from the world of cybersecurity. Hacker trends, defense strategies, and reports on cyber attacks, hacker campaigns, etc. are available here in a clearly laid out format.

According to a recent study by the IT industry association Bitkom, cyber attacks on the German economy cause damage of 223 billion euros annually. Critical infrastructure, in particular, is under constant attack. The number of attacks on organizations and institutions in critical infrastructure sectors such as healthcare, finance, information technology, and telecommunications, as well as government and administration, is increasing sharply. This alarming trend that the Myra SOC (Security Operations Center) has been observing for some time is confirmed by the Bitkom survey: Since critical infrastructure is vital for our society, it must be proactively safeguarded against digital attacks.

In the financial industry, cyber incidents actually pose the greatest risk, according to a recent industry survey. Accordingly, IT security is increasingly drawing the attention of regulators, who are focusing on tighter regulation to strengthen cyber resilience. In mid-August, the German Federal Financial Supervisory Authority (BaFin) published the amendments to its Minimum Requirements for Risk Management of Banks (MaRisk) and the Banking Supervisory Requirements for IT (BAIT). This results in new compliance hurdles and additional burdens for banks, for example, with regard to outsourcing, IT contingency management, and effectiveness controls. With the help of highly certified service providers, these challenges can be mastered with no additional in-house effort.

The top IT security topics in August 2021

IT security trends

223 billion euros in damage caused by cyber attacks – why the number of unreported cases is much higher

When critical infrastructure is attacked, the actual damage is far greater and all of us are potentially impacted. That is why the protection of critical infrastructure plays a crucial role for the well-being of us all.

Find out more

 

Cyber incidents are the greatest risk to the financial sector

Almost half of the industry representatives surveyed by Allianz Global Corporate & Specialty (AGCS) see this as the greatest threat. Increasing compliance challenges due to stricter regulation are also a concern for financial entities.

Find out more

 

Attacks on IIoT platforms in healthcare on the rise

Among other things, magnetic resonance imaging (MRI), computed tomography (CT), and medical devices for remote patient monitoring are affected. Nearly 60 percent of IT decision-makers rate the current threat situation with regard to cyber attacks as “high.”

Find out more

 

Critical infrastructure working group: IT infrastructure in Germany is “extremely vulnerable”

Smaller companies, organizations, and municipalities in particular are often inadequately protected against digital attacks. At the same time, attackers are acting more professionally and increasingly targeting critical infrastructure.

Find out more

 

IBM report: Average cost of data breaches rises to a record $4.24 million

German companies are in fact above the global average, with costs of $4.84 million per data breach. Identifying and containing a breach takes an average of 151 days in this country.

Find out more

 

Billions of euros in damage from attacks on remote workplaces

According to calculations by the Institut der deutschen Wirtschaft (German Economic Institute), companies in Germany incurred losses of 52.5 billion euros last year as a result of attacks on remote workstations. The number of unreported cases is likely much higher.

Find out more

Cybercrime

Cyber extortionists attack savings banks association

The attack was carried out via the email system, which subsequently had to be completely shut down. The IT systems of the member savings banks and the IT service provider were not affected.

Find out more

 

Cyber attack cripples Italian vaccination portal

The attack on the official website of the central Italian region of Lazio made the booking portal for COVID vaccination appointments unavailable for days. It is unclear who is behind the attack.

Find out more

 

Attacker steals over $610 million in cryptocurrencies – and then returns them

The attack on the Poly Network platform is considered the largest theft of cryptocurrencies to date. Around two weeks later, the entire haul was transferred back. As a “thank you,” the hacker received roughly USD 500,000 and a job offer as a security consultant.

Find out more

 

Massive data breach at T-Mobile US

Unknown attackers gained access to customer data of Deutsche Telekom’s U.S. subsidiary. They stole millions of records containing, among other things, names, phone numbers, addresses, and social security numbers.

Find out more

 

Criminals blackmail IT consulting firm Accenture

During the attack, around 2,500 computers were allegedly encrypted with LockBit ransomware. Accenture was able to restore the affected systems using backups. However, the blackmailers threatened to publish the stolen data.

Find out more

 

Fight against cyber attacks: Amazon, Google, and Microsoft cooperate with US government

The Joint Cyber Defense Collaborative (JCDC) initiative will pool the expertise and resources of the government and the private sector to defend against cyber attacks. The initial focus will be on combating ransomware.

Find out more

Best practices, defense, and mitigation

The lessons from the cyber disaster in Anhalt-Bitterfeld

For maximum security, government agencies and municipalities should review and adapt existing protective measures. Specialized service providers can help with this.

Find out more

 

Convenience and data security for e-health are compatible

Combining convenience with certified data security will increase the acceptance of e-health products and services. Experienced specialist service providers can help by lending their expertise.

Find out more

 

“Smart Hospitals” project: Guidelines for practicable IT protection in hospitals

The updated catalog of measures from the CODE research institute at the Universität der Bundeswehr (University of the German Armed Forces) describes around 40 technical and organizational measures that are based on the state of the art and specifically targeted at hospitals.

Find out more

Things to know

BaFin amends MaRisk and BAIT: Higher compliance requirements for banks

Cybersecurity is becoming an even greater focus of supervisory attention. Institutions must prepare for new or more specific regulations related to outsourcing, contingency management, and effectiveness controls.

Find out more


July 2021

IT-Security-Trends

 

Critical infrastructure operators remain the focus of attacks: Myra Security spreads the warning of the Fancy Lazarus attack campaign

A group of hackers that goes by the name of Fancy Lazarus has been blackmailing companies in the telecommunications, health, and finance sectors for weeks now. The attacks on such critical infrastructures are extremely dangerous.

Find out more

KPMG: IT security gives banks a decisive competitive advantage

Many financial institutions still have some catching up to do when it comes to IT security. IT security forms the basis for new digital business models, which in turn create opportunities for further growth.

Find out more

Cybercriminals increasingly exploit zero-day vulnerabilities

This year alone, Google’s Project Zero has uncovered 33 previously unknown vulnerabilities that have been actively abused to perpetrate attacks. This corresponds to a 50-percent increase compared to the previous year.

Find out more

German actors are identified as having serious IT security deficiencies

When investigating the IT systems of major German actors, security researchers from the Fraunhofer Society discovered “numerous serious weaknesses.” These made it possible to intercept emails as well as access, delete, or otherwise manipulate data.

Find out more

Passing a security audit, e-prescriptions get the green light from the BSI

Now that the BSI has approved it, nothing now stands in the way of releasing the e-prescription app on the popular mobile app stores. Having completed a regional test phase, the e-prescription will be introduced nationwide in the fourth quarter of 2021.

Find out more

 

 

Cybercrime

 

Cyber attack on Kaseya: Up to 1,500 companies around the world affected

Criminals infected the systems of IT service providers and their customers with ransomware via a zero-day vulnerability in Kaseya’s remote maintenance software. They asked for USD 70 million in Bitcoin in exchange for the decryption key.

Find out more

An administration paralyzed: Ransomware attack triggers the first nationwide declaration of a cyber state of emergency

As a result of the attack, the Administration of the District of Anhalt-Bitterfeld stopped being able to function. For example, it could no longer pay out social security benefits. The district administrator declared a state of emergency to facilitate a swifter response.

Find out more

Cyber extortionists attack a hospital in Lower Saxony

After an attack, the Wolfenbüttel Hospital was forced to shut down its IT systems as a defensive precaution and conduct its paperwork manually in the meantime. However, the hospital reported that the attack did not interfere with the provision of medical care.

Find out more

“PrintNightmare”: Cybercriminals actively exploit printer vulnerabilities in Windows

A vulnerability in the Windows print spooler that is classified as critical allows attackers to take control of vulnerable systems remotely. Microsoft has since published a patch that should be installed as soon as possible.

Find out more

Data theft from a Hessian insurance company

A cyber attack massively disrupted the business operations of the insurance company Haftpflichtkasse. The IT systems had to be taken offline temporarily. It is still being determined which data in particular was compromised.

Find out more

E-commerce platform operator admits data leak

Cybercriminals have gained access to contract and address data belonging to customers, partners, employees, and external service providers at the Spread Group. Password hashes as well as bank details and PayPal addresses were also tapped.

Find out more

Cyber attack on British railway company paralyzes digital ticket machines

The reason for the days-long failure of the more than 600 touchscreen devices was a suspected ransomware attack on the operating company’s server. As a result, passengers were forced to reserve their tickets online and pick them up at the counter.

Find out more

Security authorities warn of global brute force attacks by Russian hacking group

According to reports by government agencies, the campaign aims to crack login data and then skim off data. All types of companies and organizations are affected, from governments to energy companies and universities.

Find out more

 

Best practices, defense, and mitigation

 

DDoS protection: Myra remains the undisputed leader in the BSI comparison

The German Federal Office for Information Security (BSI) has updated its overview of qualified DDoS mitigation service providers. Myra Security is again listed as the only provider in the world that fully complies with all 37 enumerated performance requirements.

Find out more

“Fancy Lazarus”: What to do in the event of an attack

The activities of DDoS extortionists in the DACH region continue to increase significantly. Learn what to watch out for in the event of an acute attack and how Myra protects your company from RDoS attacks.

Find out more

German medium-sized companies are not adequately prepared for cyber threats

According to a Forsa survey commissioned by the German Insurance Association (GDV), half of these companies have no plan for how to deal with cyber attacks. As a result, companies react too slowly in the event of an attack and risk incurring serious damage.

Find out more

Adapting to the intensified threat situation, BSI conducts an extensive hiring campaign

According to Federal Interior Minister Horst Seehofer, the BSI is currently doubling its staff. “And this process will and must continue, because crime in cyberspace is an ever increasing problem.” Not only is this is the greatest challenge of the next few years, it is the agency’s biggest priority, period.

Find out more

 

 

Things to know

 

A disruption targeting Internet service providers causes many websites to fail

Due to a problem with Akamai’s Edge DNS service, numerous websites became unreachable for up to an hour. The global outage affected financial and logistics companies, airlines, e-commerce providers, and news portals, among others.

Find out more

What are DiGA?

Digital health applications (DiGA) are virtual medical products that are available as apps for mobile devices or as browser applications. The prescription apps are used for self-diagnosis, as electronic diaries for diabetics and medication plans, as well as in other areas. The solutions require a prescription and must be approved by the Federal Institute for Drugs and Medical Devices (BfArM).

Find out more

June 2021

IT-Security-Trends

 

Security vulnerabilities in health apps:

According to a study by the German Federal Office for Information Security (BSI), many health apps for smartphones and tablets are not adequately protected against the threat of cyber attacks.

Find out more

 

Coronavirus test centers: Serious IT security concerns:

The “Zerforschung” hacker collective was able to retrieve thousands of personal data records from an operator’s 34 test centers with little effort. The data includes test results, names, addresses as well as the ID numbers of the individuals tested.

Find out more

 

Cloud Monitor 2021: Enterprises demand performance, security and compliance:

There is a suitable cloud solution for practically every application scenario these days. When choosing a cloud service provider, companies pay close attention to the performance of the service, data security and compliance with existing data protection regulations.

Find out more

 

Problems at cloud service provider cause worldwide outages:

As a result of technical problems at the cloud service provider Fastly, many popular web portals were inaccessible for around an hour on June 8. In addition to the British government’s website, the news sites of Le Monde, the New York Times, the Financial Times, the Guardian, CNN and the BBC also briefly went offline.

Find out more

 

Cybercriminals have no honor among thieves:

Recent studies of ransomware confirm the warnings of security experts not to give in to the demands of criminals in the event of an attack. In 45 percent of all cases investigated, the affected data was unable to be decrypted or only partially decrypted, despite the ransom having been paid.

Find out more

 

Cybercrime

 

 

DDoS attack cripples online banking:

A series of DDoS attacks on an IT service provider of Volks- und Raiffeisenbanken led to extended disruptions to online banking. Other institutions connected to the service provider, such as some Sparda banks and private financial institutions, were also affected by the attacks.

Find out more

 

Ransomware brings food processor to its knees:

American meat packing company JBS Foods was forced to give in to the demands of cybercriminals. The company paid the equivalent of USD 11 million to regain access to its encrypted data. As a result of the attack, operational disruptions occurred at several sites around the world.

Find out more

 

More than 100 government agencies hit by ransomware attacks:

According to a survey by BR and Zeit Online, in most cases cyber extortionists managed to penetrate the IT systems of government offices, state-owned hospitals, government agencies, municipalities and courts and encrypt data. The total number of attacks is likely to be significantly higher.

Find out more

 

VW data breach affects more than 3 million U.S. customers:

Cybercriminals stole the personal information from approx. 3.3 million VW and Audi customers in the USA and Canada. Some of this included sensitive data such as US social security and bank account numbers.

Find out more

 

Hit job on the darknet:

A 41-year-old woman from Dresden allegedly arranged a murder for hire on the darknet for 0.2 bitcoin (the equivalent of about EUR 8,000 at the exchange rate at the time). According to media reports, the target was the 23-year-old girlfriend of her estranged husband. As part of an investigation, journalists from Der Spiegel learned of the hit job and notified authorities. The accused must now stand trial for incitement to murder. She faces a prison sentence of up to 15 years.

Find out more

 

 

Things to know

 

EU planning special unit for cybersecurity:

The EU Commission wants to set up a cybersecurity unit to counter the increasing threat posed by hacker attacks. Specialized teams will provide on-site assistance in member states to defend against attacks in the future. The cyber unit is scheduled to be formed by mid-2022. Prior to this, EU member states must approve the planned concept.

Find out more

 

Responding to automated attacks with self-learning defenses:

An increasing number of companies are turning to self-learning security systems to respond to the growing threat of AI-based cyber attacks. According to a Capterra study, smart defense systems are already in use by 36 percent of the IT managers surveyed, and another 44 percent are interested in adopting such systems.

Find out more

 

Things to know

 

Myra demonstrates competence in critical infrastructure: Audit confirms the highest security standards:

Myra has successfully undergone a voluntary security audit of the critical infrastructure sectors of information technology and telecommunications as well as finance and insurance in accordance with Section 8a of the BSI Act (BSIG).

Find out more

 

Close cooperation with BSI: Myra contributes expertise to cyber security alliance:

As a new ACS partner, Myra is committed to improving digital security in Germany. Together, we want to sensitize companies and raise awareness about the topic.

Find out more

 

#WTI21: Cybersecurity is the new Made in Germany:

At the German Economic Council’s Day of Innovations, the head of the BSI, Arne Schönbohm, spoke with Myra CEO Paul Kaffsack about cybersecurity as a driver of innovation for Germany. Where do we stand and what do we need for global success?

Find out more

 

Digital bank heists: Bonnie and Clyde would be hackers today:

Digitization is creating new attack surfaces for cybercriminals and scammers in the financial industry. Banks have to continuously adapt to new vectors and methods of attack to protect their digital assets.

Find out more

 

What is edge computing?

In IT, edge computing is the processing of data at the network edge. The technology is a distributed computing paradigm that takes a decentralized approach. Instead of sending data from devices to central systems or the cloud for processing, edge computing processes the information where it is needed – at the edge of the network.

Find out more

May 2021

IT-Security-Trends

 

Verizon report: attacks on web applications on the rise:

According to Verizon’s latest Data Breach Investigations Report, attacks on web applications are the second most common type of attack after DDoS. The number of phishing and ransomware attacks increased by 11 and 6 percent, respectively, year over year.

Find out more

 

Allianz: cyber incidents are the greatest risk to the financial industry:

According to an analysis by Allianz Global Corporate & Specialty, cyber attacks, system failures, and data breaches are the most common causes of damage. Together, they account for twelve percent of all losses in the past five years, totaling around 870 million euros.

Find out more

 

Three-quarters of all financial institutions have seen more cyber attacks since the pandemic began:

On average, the increase was 29 percent, according to the “COVID Crime Index” from BAE Systems. In particular, attacks employing botnets, ransomware, and phishing increased significantly. Despite the heightened threat situation, security budgets were cut by 26 percent.

Find out more

 

New regulation provides for stricter security requirements for certain operators of critical infrastructure:

According to a draft reform by the German Federal Ministry of the Interior, around 270 new companies will fall under the new critical infrastructure regulation, primarily power producers. In the future, they will have to meet special reporting and certification requirements and comply with minimum standards.

Find out more

 

HP report: remote work increases cybersecurity risks:

Two-thirds of office workers from Germany also use their work device for private purposes when working from home. 16 percent even let family members or friends use it. As a result, 54 percent of IT decision-makers registered a higher number of phishing attacks and malware infections.

Find out more

 

 

Cybercrime

 

 

Cybercriminals extort millions in ransom from largest U.S. pipeline operator:

As a result of a ransomware attack, Colonial Pipeline had to temporarily completely shut down operation of its main pipeline. This caused shortages in fuel supplies in the eastern USA for days on end. The operator ultimately gave in and paid a ransom of $4.4 million.

Find out more

 

Ransomware attack hits Irish health service HSE:

The precautionary shutdown of key IT systems had a serious impact on healthcare. For example, networked hospitals were unable to access patient data. The Irish government declared that it would not be paying a ransom.

Find out more

 

AXA insurance group targeted by ransomware attackers:

Shortly after AXA announced a partial exit from the ransomware insurance business, several of its locations in Asia became targets themselves. The cybercriminals are threatening to publish stolen customer data if AXA does not comply with their ransom demand.

Find out more

 

Federal Criminal Police Office (BKA) situation report: cybercrime continues to rise:

The number of cybercrime cases recorded by the Federal Criminal Police Office rose by approx. eight percent to over 108,000 last year, meaning that the authority registered more than twice as many cybercrimes as in 2015. Most recently, vaccination portals and the vaccine supply chain were targeted by cybercriminals.

Find out more

 

DDoS attack cripples websites and services of numerous Belgian government agencies:

About 200 state organizations were affected by the massive attack on Belnet, the internet service provider, including public administrations, ministries, universities, research institutes, and hospitals.

Find out more

 

 

 

Things to know

 

Convenience and data security for e-health are compatible:

E-health services such as electronic patient records and e-prescriptions are provided on a voluntary basis. Their acceptance depends to a large extent on trustworthiness and convenience. Digital data protection and security measures are therefore essential, but solutions must also offer a high level of convenience and performance. These apparent contradictions are compatible.

Find out more

 

BSI president sees risk for hospitals:

In an interview with Die Zeit, the head of the German Federal Office for Information Security (BSI), Arne Schönbohm, and BSI expert Dirk Häger explained the digital threat situation in Germany. In their estimation, the risk posed by cyber incidents is also increasing for critical infrastructure. Attackers are increasingly employing complex attack patterns and the number of attacks is rising.

Find out more

 

IT security creates a foundation of trust for e-health solutions:

In the healthcare sector, digital solutions are increasingly being used in administration, diagnostics, and treatment. Security and data protection are given top priority in order to promote social acceptance of e-health.

Find out more

 

Financial regulator steps up controls on IT and cybersecurity:

In light of advancing digitalization, cyber risks are becoming an even greater focus for the German Federal Financial Supervisory Authority (BaFin). The supervisory authority is paying particular attention to the outsourcing of IT services.

Find out more

 

EU cloud: 5 reasons why GAIA-X is so important for Europe:

GAIA-X is intended to promote cloud computing on a European level as a hybrid data platform. More than 350 companies and organizations are involved in setting up the lighthouse project—and for good reasons.

Find out more

 

What is IT compliance?

IT compliance describes adherence to legal, internal, or contractually prescribed requirements for the IT of an organization. These requirements are made up of various requirements for IT security, data protection, availability, and integrity that apply to systems and processes.

Find out more

 

What is open source?

Open source generally refers to software whose source code is freely available and can be viewed by independent third parties. Depending on the underlying open source license, it can also be used, changed, and redistributed more or less freely. However, no license fees may be charged.

Find out more

April 2021

IT-Security-Trends

 

 

US cloud use: Supervisory authorities intensify their investigations into data protection violations:

After the end of the Privacy Shield, data transfers from Europe to the USA are now only possible in the rarest cases in compliance with the GDPR. German government agencies now want to carefully examine whether companies are violating EU law by using US cloud services.

Find out more

 

Almost 50% of German companies have been affected by cyber attacks during the past year:

According to the “Hiscox Cyber Readiness Report 2021”, the proportion rose from 41% to 46% year-over-year. Compared to other companies internationally, German companies sustained the highest average total costs from cyber attacks. That is why most investments are currently being made in cybersecurity in this country.

Find out more

 

The Bundestag passes IT Security Act 2.0:

The amended law is intended in particular to ensure more IT security for critical infrastructures. “Untrustworthy” suppliers may be prevented from expanding their networks in the future. In addition, thanks to its new powers, the BSI is playing a more active role in combating cyber incidents.

Find out more

 

BSI: IT security too often falls by the wayside in the boom of people working from home caused by the pandemic:

According to a BSI survey, 58% of companies want to maintain or expand the number of employees working from home, even after the pandemic is over. According to BSI President Arne Schönbohm, IT security has not been given the budgets, processes, and people that it needs.

Find out more

 

Report: Mobile devices are the biggest IT security threat to businesses

This is the view of 40% of the companies surveyed for the Verizon Mobile Security Index 2021. The switch to remote work driven by the coronavirus pandemic and the increasing use of mobile devices has increased the size of the virtual attack surface immensely.

Find out more

 

US Federal Reserve chief sees cyber attacks as the greatest risk for financial institutions:

In a TV interview with CBS News, Jerome Powell stated: “I would say that the risk that we monitor most closely is cyber risk.” Many governments, corporations and, above all, financial entities have also shared this concern and therefore invested more heavily in their cyber defense.

Find out more

 

Study confirms some serious deficiencies in IT security at German hospitals:

More than one-third of the 1,555 hospitals that were examined exhibited shortcomings. Of a total of 1,931 vulnerabilities discovered, over 900 were classified as critical. One-fifth of the hospitals with security deficiencies were critical infrastructure facilities.

Find out more

 

 

Cybercrime

 

The personal data of 533 million Facebook users was leaked:

The data records, which were posted for free on a hacking forum, mainly consist of phone numbers, but they also include 2.5 million email addresses as well as such personal information as name, gender, date of birth, place of residence, relationship status, and employer.

Find out more

 

Cyber criminals put up the data of half a billion LinkedIn users for sale:

The records include publicly available information, such as name, gender, email address, and phone number. According to LinkedIn, however, this data does not contain any private profile data. The entire data collection is expected to fetch at least a four-digit sum at auction.

Find out more

 

Data leak at Clubhouse: 1.3 million users are affected:

In contrast to the profile data of Facebook and LinkedIn users that was leaked just a few days before, the Clubhouse records contain neither email addresses nor phone numbers. However, there is still a risk that the published data can be abused for attacks.

Find out more

 

Update recommended: Microsoft closes other critical vulnerabilities in Exchange Server:

Microsoft has again released security updates for its email software, this time eliminating four critical vulnerabilities in Exchange Server 2013, 2016, and 2019. The BSI warned companies that they should install the newly released patches as quickly as possible.

Find out more

 

Smishing wave: Users are receiving an increased number of fraudulent SMS messages masquerading as shipment tracking numbers:

The BSI warns users to be on the look out for fraudulent SMS messages about package deliveries and the like. After opening a link, recipients are asked to install an app that is supposedly required for shipment tracking. However, it is actually malware.

Find out more

 

Thousands of coronavirus test results have been published on the internet:

Due to a security flaw in a test center website, users were able to obtain the test results for test subjects online without any access restriction, including their personal data, such as name, telephone number, email address, address, and date of birth.

Find out more

 

Cyber attack disrupts operations at Lippstadt hospital:

The attack paralyzed the entire IT infrastructure, including the software that was used for patient documentation. As a result, the hospital had to stop admitting patients. It transferred emergency patients to primary care and canceled all scheduled elective surgeries.

Find out more

 

DDoS attacks once again bring down the Brandenburg school cloud:

The learning platform used by most schools in Brandenburg and Berlin became inaccessible due to a botnet-based DDoS attack. There had already been outages in January due to a similar attack involving a massive number of unauthorized attempts to access the platform.

Find out more

 

 

Things to know

The end of Privacy Shield and what happens next

Privacy Shield was an informal agreement between the U.S. and the EU intended to ensure compliance with European data protection standards for data transfers to the U.S. Find out more about the reasons for the repeal of the agreement and what you need to consider when working with cloud service providers.

Find out more

 

What is a patch?

A patch is a software update for an existing application or operating system to resolve bugs (errors) or vulnerabilities. Good planning and clear processes when it comes to patching are essential for minimizing many cyber risks for companies.

Find out more

March 2021

IT-Security-Trends

 

Banks need to adapt their cybersecurity strategy to changes in the threat situation:

With increasing digitization, customer needs and virtual attack surfaces have also increased. That is why it is no longer enough to secure only your systems. The security strategy must also include customers and their protection

Find out more

 

Cybersecurity in financial institutions: Not an issue for technology experts alone:

Staff and management should have no reservations when it comes to cybersecurity and should develop a minimum level of understanding of what it entails. This helps to raise awareness and thus improves the level of protection.

Find out more

 

The European Council stresses the vital importance of cybersecurity for a digital Europe:

The Council’s conclusions on the recently adopted EU cybersecurity strategy, presented in December 2020, set the key objective of achieving strategic autonomy while maintaining an open economy. To this end, the ability to make autonomous decisions in the area of cybersecurity must also be strengthened.

Find out more

 

International study shows that German hospitals need to catch up in terms of digitization:

In an international comparison, the 52 German hospitals surveyed scored well in data protection and data security. However, they lag behind in interoperability and public health, and when it comes to patient orientation and patient-centeredness, they land at the bottom of the list.

Find out more

 

E-commerce increasingly under threat from DDoS and ransomware attacks:

To protect themselves from these and other threats, online store operators need to adapt their security strategy. State-of-the-art measures are required to detect, analyze, and defend against attacks. Security and data protection also form the basis for customer trust.

Find out more

 

Dark Web Price Index 2021: stolen online banking credentials starting at $40:

Significantly more stolen credit card details and online banking logins were traded on darknet marketplaces in 2020 than in the previous year. Fake ID documents, email databases, malware, and DDoS attack tools are also very popular. Not only the quantity, but also the variety of illegally offered data and goods has increased.

Find out more

 

Cybercrime

European Banking Authority (EBA) impacted by Microsoft Exchange attack:

As a result of the wave of attacks on Microsoft Exchange servers that began in early March, Europe’s banking regulator had to take its mail system offline temporarily. According to the government agency, the attack did not go beyond the mail system. It announced a full investigation.

Find out more

 

Members of the Bundestag and state parliaments targeted by spear phishing attacks:

According to media reports, cyber attackers have attempted to compromise the email accounts of at least seven members of the Bundestag and 31 state parliaments, as well as dozens of political activists. The Russian military intelligence agency GRU is suspected of having been behind the campaign. Security agencies are now warning of possible Russian disinformation campaigns.

Find out more

 

136,000 corona test results publicly available on the internet:

Due to a security vulnerability in a service provider’s software for coronavirus test centers, other users’ quick test results were accessible with a normal user account – including personal data such as name, address, date of birth, citizenship, and ID number.

Find out more

 

Data breach of Lufthansa’s “Miles and More” frequent flyer program:

As part of an attack on the aviation IT service provider Sita, cyber attackers stole passenger data from Star Alliance partners. Approx. 1.35 million Lufthansa Miles and More customers were also affected by the incident. However, no passwords, email addresses, or other personal data are said to have been stolen.

Find out more

 

Cyber attackers hack into 150,000 surveillance cameras at Tesla, police departments, and schools:

The attackers allegedly gained access to the systems of the operator company Verkada by means of login data for a “Super Admin” account that was publicly exposed on the internet. This gave them direct access to tens of thousands of cameras and Verkada’s customer video archive.

Find out more

 

Things to know

What is an Information Security Management System (ISMS)?

An information security management system (ISMS) defines policies and procedures to ensure, manage, control, and continuously improve information security in a company.

Find out more

 

Internet of Things (IoT) – from vending machines to Industry 4.0:

The Internet of Things is a network of devices and systems connected to the Internet. Each networked object has a unique identifier and can interact with other objects to perform tasks fully automatically.

Find out more

 

What is a blockchain? Definition, how it works, benefits and drawbacks:

Blockchains are decentralized lists of records consisting of individual blocks linked using cryptography. In these distributed records, information of any kind can be documented as transactions that are tamper-proof, transparent, and cannot be altered.

Find out more

 

Darknet: the dark side of the internet?

All hidden online networks and services are subsumed under the term darknet. It is a part of the internet that can only be accessed via special client software and cannot be found using ordinary search engines such as Google, Bing, or DuckDuckGo.

Find out more

 

Opportunities and risks of 5G:

5G stands for the fifth generation of mobile telecommunications. The new communication standard builds upon its predecessor 4G (LTE), but enables significantly faster data transmission with minimal latency and thus entirely new application areas.

Find out more

February 2021

IT-Security-Trends

 

Industrial plants and critical infrastructure are increasingly experiencing security vulnerabilities:

In the second half of 2020, a total of 449 vulnerabilities were discovered in industrial control systems. 71% of them were exploitable remotely. The most vulnerable are the critical infrastructure sectors of manufacturing, power and water supply.

Find out more

 

Cybersecurity in financial institutions: Not an issue for technology experts alone:

Staff and management should have no reservations when it comes to cybersecurity and should develop a minimum level of understanding of what it entails. This helps to raise awareness and thus improves the level of protection.

Find out more

 

More than 100 financial service providers were the target of DDoS extortion attacks in 2020:

The cybercriminals threatened to cripple their victims’ websites and digital services until a ransom was paid. In addition to banks, FinTechs, stock exchanges, insurance companies, credit bureaus, asset managers, and other financial service providers were also impacted.

Find out more

 

Following the Wirecard scandal: BaFin wants to increase oversight of mobile bank N26:

According to media reports, the financial supervisory authority will in future classify N26 as a financial holding company in order to oversee not only the banking subsidiary, but the entire company. The tighter control is seen as BaFin’s reaction to the Wirecard accounting scandal.

Find out more

 

GDPR violations in Germany: 60% more fines in 2020:

Fines across Germany totaled approx. €48 million. The highest fine was issued against fashion retailer H&M at €35.3 million, followed by Notebooksbilliger.de at €10.4 million. The number of fines imposed rose to 301 in 2020, up from 187 in the previous year.

Find out more

 

What lessons can companies learn from GDPR fines?

Data protection authorities repeatedly impose fines in the millions as a deterrent, most recently against Notebooksbilliger.de. To avoid such penalties, companies should take data protection seriously and analyze exactly where internal violations of the GDPR might exist.

Find out more

 

BSI’s IT-Grundschutz Compendium now includes web applications and vehicle IT:

The BSI has updated its IT-Grundschutz Compendium and added the modules “CON.10 Development of Web Applications” and “INF.11 General Vehicle.” Several of the other 95 Grundschutz modules have been fundamentally revised in the 2021 edition.

Find out more

 

Otto CIO: “Digitization will not work without an appropriate level of cybersecurity”:

Despite stagnating IT budgets, investments in security measures must increase because attacks are becoming increasingly complex and threaten business continuity. The topic of cybersecurity should also be regularly discussed and decided at the executive board level.

Find out more

 

 

Cybercrime

Cyber attackers sabotage drinking water supply in the US state of Florida:

Unidentified individuals remotely manipulated the input of chemicals at a water treatment plant. They increased the level of sodium hydroxide in the water to a potentially dangerous level. However, the sabotage was able to be reversed in time.

Find out more

 

Security experts: Cyber threat situation remains tense:

The majority (57%) of IT security experts surveyed by eco, the German Association of the Internet Industry, believe that the German economy is inadequately protected against cybercrime. More than three-quarters expect the threat situation to continue to grow.

Find out more

 

Ransomware attack on Urological Clinic Munich-Planegg:

The attackers encrypted some of the clinic’s IT systems and demanded a ransom. Apparently, they also gained access to confidential patient records. The public prosecutor’s office in Bamberg is investigating.

Find out more

 

Cyber extortionists publish customer data stolen from an internet provider in Kassel:

The leaked data comes from an attack on Netcom Kassel’s customer and communication systems. By releasing the data, the blackmailers wanted to persuade the provider to meet their ransom demand.

Find out more

 

Microsoft warns of a new supply chain attack method:

In a “confusion attack,” software packages contaminated with malware can be injected into IT systems by being automatically installed as dependencies. To do this, attackers only need to know the name of internal packages and create packages using the same name and malicious code in public package sources.

Find out more

 

“COMB”: Collection of more than 3 billion credentials published:

The “Compilation of Many Breaches” (COMB), which surfaced in a hacking forum, contains compromised login data for email accounts and online services such as LinkedIn and Netflix. A website allows you to check whether your own email address is included in the collection.

Find out more

 

Cybercriminals make off with several billion US dollars in cryptocurrencies in 2020:

Last year saw 122 successful attacks on blockchain wallets and exchanges take place. More than a third of the attacks targeted decentralized Ethereum apps. This resulted in damages averaging approx. $9 million per attack.

Find out more

 

Things to know

Cybersecurity protects new business models:

During the crisis, more customers have come to appreciate digital banking and payment services. Banks are responding with new products and services. Cybersecurity is essential to remain digitally competitive.

Find out more

 

What is DORA (Digital Operational Resilience Act)?

The Digital Operational Resilience Act, or DORA for short, provides for the introduction of a comprehensive regulatory framework at the EU level that includes regulations on digital operational resilience for all supervised financial institutions.

Find out more

 

What is the Tor network?

Tor is a network solution for anonymizing communications on the internet. Tor’s technological approach is based on “onion routing,” in which communications on the internet are obfuscated via different and variable routes.

Find out more

January 2021

IT-Security-Trends

IT security deficiencies in over a third of German hospitals:

A survey of publicly accessible network access points at 1,555 hospitals found more than 900 critical vulnerabilities, which can often be traced back to outdated servers and software as well as inadequately secured databases.

Find out more

 

BSI study: networked medical devices have an average of 15 security vulnerabilities:

The BSI uncovered a total of 150 vulnerabilities in ten products from five categories, such as insulin pumps and pacemakers. In many cases, the vulnerabilities were not found in the devices themselves, but in the associated infrastructure.

Find out more

 

EU imposes more than €306 million in fines for GDPR violations in 2020:

Google and Amazon had to pay more than a third of the fines (around €135 million) in France. The highest number of violations was in Spain, with 76. In Germany, three fines totaling just over €37 million were issued.

Find out more

 

Following the Wirecard scandal: BaFin wants to increase oversight of mobile bank N26:

According to media reports, the financial supervisory authority will in future classify N26 as a financial holding company in order to oversee not only the banking subsidiary, but the entire company. The tighter control is seen as BaFin’s reaction to the Wirecard accounting scandal.

Find out more

 

An alternative to the Privacy Shield: EU privacy advocates welcome new standard contractual clauses for US data transfers:

The transfer clauses being planned are intended to continue to allow the transfer of customer data from the EU to third countries such as the USA after the European Court of Justice overturned the EU-US Privacy Shield in July 2020. However, data privacy advocates still see room for improvement in some areas.

Find out more

 

New BSI standard 200-4: Emergency Management becomes Business Continuity Management:

The revised and modernized 200-4 standard replaces the old 100-4 standard and provides practical guidance on setting up a business continuity management system. It is currently available as a community draft open for comments until the end of June.

Find out more

 

Transition of power in the White House: Biden administration makes cyber security top priority:

The new U.S. president has appointed the former NSA director for cybersecurity to his National Security Council, where she will assume the newly created position of deputy national security adviser for cyber and emerging technology. Biden’s predecessor, Donald Trump, entirely eliminated the role of cybersecurity coordinator in 2018.

Find out more

 

Cybercrime

 

 

Investigators succeed in striking blow against “Emotet” malware:

As part of a concerted international effort, law enforcement agencies have seized and dismantled Emotet’s infrastructure. The malware was considered one of the most destructive in the world. In Germany alone, it caused at least €14.5 million in financial losses.

Find out more

 

BKA warns of “significant increase” in DDoS attacks:

According to the German Federal Criminal Police Office, attackers are primarily targeting companies and platforms involved in the remote working and homeschooling sectors. Many attacks are also related to the COVID-19 vaccination campaign.

Find out more

 

DDoS attacks on learning platforms impact online classes:

In many German states, digital distance learning did not start as planned. In addition to technical defects, DDoS attacks were the main cause of a number of learning platform outages. Denial of service attacks hit systems in Brandenburg, Rhineland-Palatinate, and Saarland.

Find out more

 

SolarWinds hack: German government agencies and companies also potentially at risk:

SolarWinds products are used in at least 16 federal agencies and ministries. However, according to the federal government’s current information, there has been no unauthorized access to federal administration systems via the Sunburst Trojan.

Find out more

 

Investigators take down world’s largest darknet marketplace:

With nearly 500,000 users, over 2,400 sellers, and more than 320,000 transactions with a combined value of approx. €140 million, DarkMarket was considered the largest illegal marketplace in the world. It was mainly used to trade in drugs, counterfeit money, stolen credit card data, and malware.

Find out more

 

Beware of targeted phishing attacks on high-level executives:

An ongoing phishing campaign is attempting to use social engineering to obtain credentials from C-level managers. Potential victims receive a deceptively real-looking email claiming that their Office 365 password is about to expire.

Find out more

 

 

Things to know

Corona: increasing security and liability risks:

Digitalization, accelerated by the pandemic, provides opportunities for new business models and more flexible ways of working. This is, however, accompanied by the threat of massive security and liability risks. While the focus has so far been primarily on business continuity, security should be at the forefront in 2021.

Find out more

 

Digital protection of vaccination campaigns creates trust:

Corona vaccination campaigns have begun in many places. Protecting the digital processes created for this is crucial for success.

Find out more

 

IT security as outsourcing according to MaGo and section 32 VAG

In the insurance industry, processes traditionally provided by the insurance company itself are frequently outsourced. The regulatory requirements for this are defined in MaGo (Minimum Requirements for the Business Organization of Insurance Undertakings) and section 32 VAG (Insurance Supervision Act). In practice, these requirements ensure that only highly certified providers with industry experience are considered for outsourcing in line with compliance requirements.

Find out more

 

What is whaling?

Whaling is a variant of (spear) phishing that targets chief (‘c-level’) executives. Attackers use elaborately crafted emails in an attempt to persuade their victims to disclose valuable confidential data or authorize the transfer of large sums of money.

Find out more

December 2020

IT-Security-Trends

Discussions about IT Security Act 2.0 Are Ongoing:

The German cabinet has approved a controversial package of laws designed to ensure greater IT security – especially for critical infrastructure. However, critics still see considerable shortcomings in the legislation currently being drafted.

Find out more

 

“Amnesia:33”: New Vulnerabilities Discovered in Millions of IoT Devices:

Security researchers are issuing warnings about security vulnerabilities, some of them serious, in networked medical and industrial devices. Products from at least 150 suppliers worldwide are affected. The vulnerabilities result from a faulty implementation of the TCP/IP internet protocol.

Find out more

 

Escalation of Cyberattacks on the Financial Industry:

Latest research shows that nearly two-thirds of financial institutions have been affected by cyberattacks in the past twelve months. The coronavirus pandemic is expected to further exacerbate this trend.

Find out more

 

Password Security Is Still Coming Up Short:

Many people continue to underestimate the importance of a complex password for protecting private or business data. According to a list compiled by the Hasso Plattner Institute, the most popular passwords in 2020 include the classics “123456” and “password” as well as “iloveyou”.

Find out more

 

Lowering Costs with Compliance: Revised Version of MaRisk Provides Opportunities:

The sixth revised version to MaRisk offers medium-sized and small financial institutions in particular, which are organized in network structures, lucrative starting points to avoid additional regulatory effort and thus lower costs.

Find out more

 

Cybercrime

 

Sunburst Trojan Infects Over 18,000 Organizations, Government Agencies, and Businesses:

The malware spread via the update servers of an IT management software application. In addition to large companies, government agencies and federal departments in the USA are also heavily affected. The Russian state-backed hacker group APT29 is suspected of being behind the attack.

Find out more

 

COVID-19: Vaccine Companies Targeted by Cybercriminals:

Hackers have attacked the European Medicines Agency (EMA). They acquired vaccine documents from BioNTech and Pfizer. Interpol and security experts warn of further attacks on vaccine developers and vaccine logistics chains.

Find out more

 

Cyberattack Paralyzes German Dax Stock Index Aspirant Symrise:

According to the company, the attackers planted a virus in the company network “with extortionist intent”. As a result, large parts of production had to be temporarily halted.

Find out more

 

Security Breaches in Medical Practices Put Patient Data at Risk:

Improperly inserted connectors enabled security researchers to trick the telematics infrastructure into thinking they were a doctor’s office. This gave them access to all the electronic patient files of the affected practices without having to enter a password.

Find out more

 

330,000 Faked Interactions for 300 Euros

A recent NATO study shows how little effort is required for targeted manipulation in social networks. Troll factories are able to generate high interaction rates at very low cost. The protective mechanisms of Facebook, Twitter, Instagram, and the like are largely ineffective.

Find out more

 

Cybercrime Incurs Costs of Over One Trillion US Dollars:

In 2020, cybercrime will cost the global economy more than one trillion US dollars. The costs are largely incurred as a result of direct damage and the associated consequential costs, but there are also expenses for IT security.

Find out more

 

Things to know

ISO 27001 vs. ISO 27001 Based on IT-Grundschutz

ISO 27001 and ISO 27001 based on IT-Grundschutz (IT baseline protection) define a framework and describe a concept for implementing an information security management system (ISMS). The standards are similar in principle but have significant differences in detail.

Find out more

 

Cybersecurity: What Awaits IT Decision-Makers in 2021

Myra Security looks back at the year’s most defining IT security trends and dares to look ahead to the challenges and digital threats IT decision-makers will be facing in the coming year.

Find out more

November 2020

IT-Security-Trends

Cyber insurance: DDoS and blackmail cause the most expensive damage:

While external attacks account for the majority of the damage, internal incidents are the most common cause of cyber damage. Security service providers can help to increase the level of protection, thereby lowering cyber risks and insurance premiums.

Find out more

 

Out of the crisis and into the cloud:

In the future, companies will increasingly depend on how quickly and how well they are able to make use of cloud and remote work solutions. Forrester analysts forecast that there will be increased investment in these new technologies in 2021.

Find out more

 

U.S. authorities warn of attacks on the healthcare system:

U.S. security agencies are warning of an acute threat to the healthcare system from ransomware attacks. Eastern European hacker groups are said to be primarily responsible, and they sometimes use the Ryuk and Conti encryption trojans to perpetrate their attacks.

Find out more

 

Coronavirus puts cybersecurity at the top of the agenda:

A current study by the consulting firm PwC shows that due to the increased threat situation resulting from the coronavirus pandemic, the topic of IT security is becoming more important for companies.

Find out more

 

New Standard Contractual Clauses (SCC) as a replacement for Privacy Shield:

In order to create a legally secure basis for transatlantic transfer of data between the EU and the U.S., the EU Commission is working on revised SCCs. In particular, the data protection requirements that the ECJ has specified in the Schrems II ruling should be taken into account.

Find out more

 

Cybercrime

 

DDoS attack troubles British broker:

The services of the British financial services provider Trading 212 temporarily became unavailable as a result of a DDoS attack. According to the fintech company, no customer data or stock portfolios were compromised by the failure.

Find out more

 

You can’t rely on honor among thieves:

Cyber criminals are increasingly reselling data stolen by ransomware to the highest bidder on the darknet, even if the victim has paid up.

Find out more

 

Contract hackers target the financial industry:

Security researchers have come across a large-scale APT campaign in which hackers systematically penetrated the systems of South Asian financial institutions. It is not known who hired the digital mercenaries.

Find out more

 

Outdoor apparel manufacturer North Face is resetting customer passwords:

Due to a massive credential stuffing attack, North Face was forced to reset the passwords for its customers and the payment tokens stored in the accounts for security reasons.

Find out more

 

DDoS attack paralyzes RKI website:

The Robert Koch Institute website went down for several hours. The failure was caused by a botnet-based DDoS attack. It has not yet been discovered who is behind the attacks. However, it is believed that no data was leaked as the result of the attack.

Find out more

 

Struggle against criminal trading platforms:

Federal Justice Minister Christine Lambrecht wants to take action against criminal marketplaces on the internet and darknet. In order to combat the trafficking in arms, drugs, and pornography, the responsible government agencies will increasingly utilize online raids and “state trojans” going forward.

Find out more

 

Doxing: Minimizing data exposure is the best protection:

In Germany, the first judgment for doxing was recently handed down. A 22-year-old had collected the private data of numerous celebrities and published it online. This case demonstrates the importance of protecting our confidential data and digital identities.

Find out more

 

Things to know

Myra Security receives an 8-figure investment:

The German cybersecurity company Myra Security and Round2 Capital have been working together for about a year, and now they have decided to expand this partnership. Myra Security will receive over ten million euros in new funding.

Find out more

October 2020

IT-Security-Trends

Cyber warfare: U.S. military succeeds in strike against the TrickBot botnet:

The U.S. Cyber Command has temporarily disrupted the botnet allegedly controlled by Russian cyber criminals to prevent it from impacting the U.S. presidential election.

Find out more

 

BSI [BSI = Federal Office for Information Security] situation report: “Risk situation in the area of critical infrastructure remains at a high level:”

Operators of critical infrastructure see themselves exposed to cross-sector attacks, particularly DDoS and ransomware. Complex DDoS attacks on banks have caused disruptions in payment transactions. Successful defense requires protective measures on all the relevant levels.

Find out more

 

IDC study: Companies are investing more in securing their employees’ home offices:

38 percent of respondents have increased their budget for this purpose. 37 percent consider network security to be the most important issue of 2020. Security incidents have already occurred in more than three quarters of the companies surveyed.

Find out more

 

DsiN [DsiN = Germany Safe on the Net] Practice Report 2020: 46 percent of all SMEs affected by cyber attacks:

In three out of four cases the attacks led to detrimental effects. Yet few companies are actively improving their digital defenses. There is a need to catch up, especially in the implementation of operational security measures.

Find out more

 

Bitkom: Expenditures for IT security grow by 5.6 percent:

In the current year, investments in Germany will likely reach €5.2 billion, which would be a new all-time high. Services account for the largest share of the total market at 55 percent or €2.8 billion.

Find out more

 

BKA [BKA = Federal Criminal Police Office]: Number of cybercrime cases increases by 15 percent:

According to the Federal Situation Report 2019, the police registered a total of 100,514 cases in Germany. Ransomware attacks, which are often accompanied by data theft, continue to pose the greatest threat. Scammers also took advantage of the general interest in COVID-19 information.

Find out more

 

Cybercrime

 

Russian hackers steal data from U.S. government agencies:

According to the FBI, dozens of municipal and state government networks were attacked. Data is said to have been stolen from at least two servers. State-supported actors are suspected behind the attacks.

Find out more

 

Software AG becomes the target of malware attack and data theft:

The Darmstadt-based company had to temporarily shut down its in-house systems. The attackers also stole data that has since become public. According to the company, the costs for combating the attack have so far amounted to approx. €5 million.

Find out more

 

Google reports the largest known DDoS attack to date:

The attack had a peak bandwidth of 2.54 terabits/s and was launched by a state-supported actor from China. The incident occurred in September 2017, but was only just published by Google in a report on DDoS attacks on its infrastructure.

Find out more

 

Cyberbunker trial against operators of darknet infrastructure begins:

A computer center in a bunker facility in Traben-Trarbach in Rhineland-Palatinate is said to have been responsible for at least 249,000 criminal offenses, including trafficking in drugs and counterfeit money. The proceedings before the Trier Regional Court are concerned with clarifying the responsibility and involvement of the accused operators.

Find out more

 

Insider attack on asset manager Scalable Capital:

The Munich-based start-up reported “unlawful access” to strictly confidential customer data. In addition to contact information, it is alleged that, among other things, securities statements, tax and account numbers, and identification data were leaked. At least 23,000 customers are affected.

Find out more

 

Finland: Attackers steal medical records of thousands of psychotherapy patients:

Affected are patients of Vastaamo, a private provider. Like the company itself, many of them have reported blackmail attempts. A 10 GB file containing notes from therapy sessions is said to be circulating on the darknet.

Find out more

 

Best practices, defense, and mitigation

Financial Stability Council gives recommendations for action on how to deal with cyber incidents:

The report “Effective Practices for Cyber Incident Response and Recovery” is a toolkit for financial institutions. It includes 49 recommendations on how those impacted by a cyber incident can restore their ability to operate.

Find out more

September 2020

IT-Security-Trends

/wp/wp-admin/post.php?post=27869&action=edit

Cybercrime

DDoS blackmailers attack in the name of “Fancy Bear”:

DDoS blackmailers attack in the name of “Fancy Bear”:Cybercriminals pretending to be the Fancy Bear hacker group are blackmailing German companies into paying large ransoms. Those failing to heed the attackers’ demands face the prospect of critical DDoS attacks.

Find out more

 

Massive DDoS attack on Hungarian banks and Magyar Telekom:

According to the telephone company, it was one of the biggest hacker attacks ever perpetrated in Hungary, in terms of both scope and complexity.

Find out more

 

Data breach at US hospital: Medical records and personal information of 6,000 patients stolen:

The stolen records include name, date of birth, detailed medical records, and in some cases, insurance information and social security numbers.

Find out more

 

Didn’t care much for online classes: 16-year-old high school student disrupts school with a simple DDoS attack:

The teenager from Miami used the open source “Low Orbit Ion Cannon” stress testing tool to overwhelm the school district’s inadequately secured networks.

Find out more

Things to know

The Myra platform at a glance

The Myra Security-as-a-Service platform is conceived as a comprehensive protection concept for securing digital business processes. The individual solutions interact seamlessly to ensure robust IT security, performance, and certified compliance.

Find out more

August 2020

IT-Security-Trends

Data breaches are costing the German financial industry dearly:

According to a study by IBM, no other industry has recorded such high levels of damage related to data breaches and cyber attacks as the finance sector.
Find out more

Hospital law of the future: German government focuses on IT security:

The German government plans to spend three billion euros to advance the digitization of hospitals. The funding requires that hospitals focus on IT security during the digital transformation.
Find out more

There is no IT security without awareness:

If you want to strengthen cybersecurity in your company, you cannot rely on technical solutions alone. Employees must also be brought up to speed on the subject so that the right strategic response is made in the event of an attack.
Find out more

The challenge of IT outsourcing in the financial sector:

The trend toward outsourcing IT security to specialist providers is continuing. Especially in the financial sector, however, the regulatory requirements for outsourcing of this kind are being increasingly scrutinized by BaFin. This will also have an impact on insurance companies.
Find out more

Quantum computing entails opportunities and risks:

Innovative quantum systems calculate the complex risk models and optimization tasks of banks and insurance companies in the shortest possible time. However, the Federal Association of German Banks (BdB) warns that the technology can also be used to defeat commonly used encryption methods.
Find out more

Cybercrime

Encryption Trojan with affiliated leak platform:

The novel Conti ransomware not only encrypts the data of its victims but also threatens to publish the victims’ data on a publicly accessible platform.
Find out more

Travel operator CWT pays $4.5 million to get its data back:

As part of a ransomware attack, the US business travel operator was forced to pay the equivalent of US$ 4.5 million in Bitcoin.
Find out more

A million-dollar bribe for an attack on Tesla:

Cybercriminals offered an employee at the Tesla factory in the US state of Nevada a million-dollar bribe. In return, he was to infect the factory’s systems with malware. However, the employee demonstrated loyalty and reported the incident to his employer. The FBI is now investigating the incident.
Find out more

Best Practise, Defense & Mitigation

Catching up on the backlog of IT security in hospitals:

In healthcare, another critical infrastructure (KRITIS), BSI attests to weaknesses in organizational measures for cybersecurity. There is nothing to criticize in the technical implementation of security measures, but an IT-specific security culture is lacking. This manifests itself in incomplete risk management, insufficient network segmentation, and outdated Windows operating systems.
Find out more

Checking IT service providers more closely:

Raimund Röseler, Executive Director of Banking Supervision, is in favor of direct control rights and sanctions against IT service providers. This is the only way BaFin can ensure that strict compliance guidelines are adhered to in the ongoing trend toward IT outsourcing:
Find out more

Things to know

The Myra platform at a glance: Web Application Security:

Web Application Security: Injection attacks, malware attacks, manipulative bot requests, and more: Online services today are exposed to a wide range of threats that need to be systematically addressed. As an upstream protective wall, Myra Website Application Security protects the web applications of companies and government agencies from all of these kinds of attacks.
Find out more

The Myra platform at a glance: Web Intelligence:

Web Application Security: Injection attacks, malware attacks, manipulative bot requests, and more: Online services today are exposed to a wide range of threats that need to be systematically addressed. As an upstream protective wall, Myra Website Application Security protects the web applications of companies and government agencies from all of these kinds of attacks.
Find out more

July 2020

IT-Security-Trends

Social Engineering: What the Twitter Hack Shows Us:

Attackers have successfully hacked countless celebrity and corporate accounts on Twitter and used them for bogus spam messages. The blame for this was not due to a vulnerability in Twitter’s systems, but to a successful social engineering attack on one of the service’s employees. You can find out more about the attack here:
Find out more

Digitization in Health Care in Demand as Never Before:

International studies have shown that patients are increasingly demanding digital treatment methods such as telemedicine, health apps, and AI-supported diagnostics programs. The basis for successful digitization in the health care sector, however, is IT security, data protection, and compliance.
Find out more

Apart from Critical Infrastructure, Infrastructure Providers Are Often Easy Prey:

Hackers have succeeded in stealing and releasing customer and employee data from an energy supplier in Mainz. Like many other municipal providers, which due to their size do not fall within the definition of critical infrastructure, the company does not have to meet the high standards set out in German IT security legislation.
Find out more

Ransomware Security Measure Hobbles Lower Saxony’s Tax Offices:

In order to avoid being infected by Emotet and other types of malware, the tax authorities of Lower Saxony have since the beginning of the year stopped processing e-malls with file attachments or links. A secure environment for the quarantined opening of such content is presumably in the test phase.
Find out more

Cybercrime

Credential Stuffing: The Underrated Risk:

Even in spectacular security breaches, hackers don’t usually overcome any technical security hurdles, but instead often simply misuse normal login details.
Find out more

Windows POS Malware Uses DNS to Steal Credit Card Information:

A new type of malware uses the DNS protocol to steal credit card data and payment information from cash register systems without being detected. The stolen information can be used directly for transactions or even to clone credit cards.
Find out more

Cybercrime: What’s behind Digital Crime?

With increasing digitization, cybercrime continues to gain momentum and causes billions in damages to the economy, government, and society at large. Learn more about the multilayered threat from the Internet here:
Find out more

GDPR Shows Its Teeth:

Last year, about two-thirds more breaches of the General Data Protection Regulation were reported in Europe. In most cases, the violations involved unauthorized access to personal data through cyberattacks, tampering and sabotage, and the loss of non-secured mobile devices and laptops.
Find out more

Things to know

The Myra Platform at a Glance: Multisite Load Balancer:

Delayed access or even total failure of web applications and online services are unacceptable in a professional environment. Multiple redundant server systems and data centers provide a remedy for such problems. Without smart distribution of access, however, even such concepts are of little help.
Find out more

The Myra Platform at a Glance: Content Delivery Network:

What counts most on the Internet are speed and stability. If, in contrast, there are delays in loading websites or using web applications, most users leave after a few seconds and look for alternatives. That’s why companies cannot afford to sacrifice performance when doing business online.
Find out more

The Myra Platform at a Glance: DDoS Protection:

Myra DDoS Protection is an integral part of our certified Security-as-a-Service platform. The solution, developed and operated in-house, reliably and fully automatically protects web applications, websites, DNS servers, and IT infrastructure.
Find out more

June 2020

IT-Security-Trends

With Cybercrime as a Service, digital attacks become a service:

Anyone who now wants to digitally target companies no longer has to get their fingers dirty. Cyber attacks are offered as a service on the Darknet.
Find out more

DNS attacks cost companies an average of EUR 920,000:

In Germany, the financial harm caused by DNS-based attacks on companies amounts to an average of EUR 920,000. According to IDC, phishing, and DDoS attacks are among the most common types of attack.
Find out more

Why captchas alone are not enough:

Captchas protect web applications from malicious access by bots and spammers. However, the plus in security comes at the price of disadvantages in accessibility and usability. The little image and audio puzzles also present an obstacle for some human users.
Find out more

Incomplete digitization in the insurance industry:

According to a recent YouGov study, insurers score only average on the digital transformation. While data protection and IT security were rated by the majority, there were shortcomings in the user experience.
Find out more

Social engineering and phishing in perfection:

Cybercriminals forge business e-mails and websites with ever increasing precision. At first glance, the malicious fakes cannot be distinguished from the originals. Awareness and a trained eye are required to reliably spot phishing.
Find out more

SMEs underestimate the risks:

German small and medium-sized enterprises are increasingly becoming the focus of cybercriminals. Compared to larger companies, however, medium-sized companies are rarely reliably protected against attacks, and there is often a lack of awareness of the problem.
Find out more

Cybercrime

Major raid against users of Darknet platform:

More than 1,400 police officers throughout Germany were involved in a major raid against users of Crimenetwork, the illegal online platform. In over 200 searches, more than 300 TByte of data material was seized, allegedly providing evidence of drug and arms trafficking, botnets, credit card abuse, and other crimes.
Find out more

Computervirus shuts down Berlin Court of Appeal for nine months:

The majority of the roughly 150 judges of the Berlin Court of Appeal have been unable to work for about nine months because their recently purchased laptops cannot be securely connected to the court’s internal network due to a lack of VPN (via Fefe).
Find out more

Financial service providers in BaFin’s sights:

In its journal, the Federal Financial Supervisory Authority (BaFin) regularly draws attention to shady characters on the financial market who have attracted attention through questionable products and illegal practices. The black sheep at a glance:
Find out more

Things to know

IT Security Act: Big update coming up:

The IT Security Act is getting a major update in order to bring the catalogue of requirements and also the BSI itself into line with the current level of threat. In essence, the current draft law for IT Security Act 2.0 provides for an active protective role of the BSI for the government, economy, and public.
Find out more

SOC: Where all threads of cybersecurity come together:

In the Security Operation Center (SOC), IT specialists continuously analyze and evaluate all security-related data of corporate IT. The SOC’s primary task is to proactively identify and close possible vulnerabilities in systems and to actively initiate countermeasures in case of cyber attacks.
Find out more

May 2020

IT-Security-Trends

Cybercriminals exploit corona crisis for attacks:

While COVID19 is causing a global state of emergency, cybercriminals, and hacker groups are taking advantage of the situation to target critical services. In addition to the public sector, the healthcare, and financial industries are also affected by the attacks:
Find out more

Credential stuffing is increasingly becoming a problem for banks and payment service providers:

The systematic misuse of login data on the internet is one of the most frequently used tools of attack for cybercriminals. Online scammers are mainly looking for lucrative access for banking and payments.
Find out more

The Association of German Banks (BdB) sees a need for action:

Banks must expect much more sophisticated cyber attacks in 2020 than in the past. This is why coordinated measures for more IT security and industry-wide cooperation are now required:
Find out more

Mobile on the move:

Security-critical applications from the banking sector are also increasingly being used on mobile devices. It is important there to create secure platforms for financial services:
Find out more

Cybercrime

Supercomputers under fire:

A number of European high-performance data centers had to disable access to their supercomputers due to hacker attacks. The SuperMUC facility at the Leibniz Supercomputing Center in Garching, the Hawk high-performance computer at the Stuttgart HLRS, and the Jureca system in Jülich were also affected. The background to the cyber attacks is currently still unclear:
Find out more

Major attack on WordPress:

In a large-scale attack campaign, a hacker group took fire at over 900,000 WordPress websites. The sites were to be taken over by cross-site scripting (XSS).
Find out more

Best Practise, Defense & Mitigation

Remote work requires security by design:

Working safely away from the office is commonplace in times of corona. User-friendly IT security provides practical protection.
Find out more

IT Security Act 2.0 makes BSI a powerful cyber authority:

The new draft for an expanded IT Security Act provides for the retention of log data, among other things. The office is also to be expanded by about 600 positions, according to plans by Federal Interior Minister Horst Seehofer (CDU):
Find out more

Cybersecurity and business must work in harmony:

Gartner analysts are calling for decision-makers to make IT security a business-critical area in companies. After all, cybersecurity decisions have a direct impact on business results – not least due of the impact of the corona pandemic:
Find out more

Things to know

What exactly does the BSI do?

The Federal Office for Information Security (BSI) is committed to the protection of IT systems in government agencies, companies, and private households. Find out what they do in detail here:
Find out more

There will be cybercriminals for as long as the money keeps rolling in:

Digital attackers usually act out of monetary interests. Current studies show that in 9 out of 10 cases cyber attacks are financially motivated:
Find out more

Share this article