Myra’s monthly security highlights present IT decision-makers and security specialists with the most relevant topics from the world of cybersecurity. Hacker trends, defense strategies, and reports on cyber attacks, hacker campaigns, and more are available here in a clearly laid out format.
Banks, government agencies, and the operators of critical infrastructure, particularly in the healthcare sector, are increasingly being targeted by cybercriminals. In the past few weeks, the number of extortion attacks on financial and critical infrastructure companies, in particular, has grown considerably. In addition to ransomware attacks, which in the case of the University Hospital of Düsseldorf resulted in the loss of a human life, ransom denial of service (RDoS) attacks are also on the rise.

In ransomware attacks, attackers use embedded malware to encrypt massive amounts of data and demand payment of a large ransom for decrypting it. RDoS attacks, in contrast, are based on reflection attacks, which attain increasingly large volumes and are becoming more frequent. In these attacks, blackmailers threaten to bring entire systems to their knees via DDoS attacks until the victim pays a ransom. Experience shows that companies should not give in: Whoever pays up once makes himself a worthwhile target for subsequent attacks. Those who resist and successfully ward off an attack are more likely to be left alone in the future.

The top IT security topics in September

IT security trends

Lives depend on cybersecurity in critical infrastructure:

A ransomware attack brought down key systems at the University Hospital of Düsseldorf. Due to limited operations, there were major restrictions in patient care – with tragic consequences.

Find out more

 

DRDoS & RDoS: Blackmail using reflection attacks:

Cybercriminals are increasingly employing reflection attacks using massive volumes of bandwidth to bring the Internet services of companies to their knees. These powerful DDoS attacks are designed to exact high ransoms – and those who fail to pay up come under fire.

Find out more

 

DDoS attacks on education escalate:

In the first months of the corona pandemic, the number of DDoS attacks on educational resources increased by up to 500 percent over the same period last year.

Find out more

 

Banks must not neglect data protection on their way into the cloud:

Even after the European Court of Justice’s ruling on Privacy Shield, the financial sector is continuing to push its cloud projects with hyperscalers. However, it should use the ruling as an opportunity to raise awareness of the problem and question security mechanisms and strategies for the cloud.

Find out more

 

Social engineering: A lack of awareness is the most frequently exploited factor:

Even the best technical defense measures are of little use if employees lack an awareness of security. This is why awareness training is just as important as the technology being used.

Find out more

 

Association of German Banks calls for more cooperation in the fight against cybercrime:

It advocates coordinated action and joint efforts by policymakers, supervisory authorities, central banks, and financial institutions at both the European and global level.

Find out more

 

Critical infrastructure working group: BMI endangers implementation of the Online Access Law:

Security experts are critical of the fact that the Federal Ministry of the Interior, Building and Community (BMI) has still not submitted a set of regulations defining the security standards for the IT components of digital public administration.

Find out more

Cybercrime

DDoS blackmailers attack in the name of “Fancy Bear”:

Cybercriminals pretending to be the Fancy Bear hacker group are blackmailing German companies into paying large ransoms. Those failing to heed the attackers’ demands face the prospect of critical DDoS attacks.

Find out more

 

Massive DDoS attack on Hungarian banks and Magyar Telekom:

According to the telephone company, it was one of the biggest hacker attacks ever perpetrated in Hungary, in terms of both scope and complexity.

Find out more

 

Data breach at US hospital: Medical records and personal information of 6,000 patients stolen:

The stolen records include name, date of birth, detailed medical records, and in some cases, insurance information and social security numbers.

Find out more

 

Didn’t care much for online classes: 16-year-old high school student disrupts school with a simple DDoS attack:

The teenager from Miami used the open source “Low Orbit Ion Cannon” stress testing tool to overwhelm the school district’s inadequately secured networks.

Find out more

Things to know

The Myra platform at a glance

The Myra Security-as-a-Service platform is conceived as a comprehensive protection concept for securing digital business processes. The individual solutions interact seamlessly to ensure robust IT security, performance, and certified compliance.

Find out more


August 2020

IT-Security-Trends

Data breaches are costing the German financial industry dearly:

According to a study by IBM, no other industry has recorded such high levels of damage related to data breaches and cyber attacks as the finance sector.
Find out more

Hospital law of the future: German government focuses on IT security:

The German government plans to spend three billion euros to advance the digitization of hospitals. The funding requires that hospitals focus on IT security during the digital transformation.
Find out more

There is no IT security without awareness:

If you want to strengthen cybersecurity in your company, you cannot rely on technical solutions alone. Employees must also be brought up to speed on the subject so that the right strategic response is made in the event of an attack.
Find out more

The challenge of IT outsourcing in the financial sector:

The trend toward outsourcing IT security to specialist providers is continuing. Especially in the financial sector, however, the regulatory requirements for outsourcing of this kind are being increasingly scrutinized by BaFin. This will also have an impact on insurance companies.
Find out more

Quantum computing entails opportunities and risks:

Innovative quantum systems calculate the complex risk models and optimization tasks of banks and insurance companies in the shortest possible time. However, the Federal Association of German Banks (BdB) warns that the technology can also be used to defeat commonly used encryption methods.
Find out more

Cybercrime

Encryption Trojan with affiliated leak platform:

The novel Conti ransomware not only encrypts the data of its victims but also threatens to publish the victims’ data on a publicly accessible platform.
Find out more

Travel operator CWT pays $4.5 million to get its data back:

As part of a ransomware attack, the US business travel operator was forced to pay the equivalent of US$ 4.5 million in Bitcoin.
Find out more

A million-dollar bribe for an attack on Tesla:

Cybercriminals offered an employee at the Tesla factory in the US state of Nevada a million-dollar bribe. In return, he was to infect the factory’s systems with malware. However, the employee demonstrated loyalty and reported the incident to his employer. The FBI is now investigating the incident.
Find out more

Best Practice, Defense & Mitigation

Catching up on the backlog of IT security in hospitals:

In healthcare, another critical infrastructure (KRITIS), BSI attests to weaknesses in organizational measures for cybersecurity. There is nothing to criticize in the technical implementation of security measures, but an IT-specific security culture is lacking. This manifests itself in incomplete risk management, insufficient network segmentation, and outdated Windows operating systems.
Find out more

Checking IT service providers more closely:

Raimund Röseler, Executive Director of Banking Supervision, is in favor of direct control rights and sanctions against IT service providers. This is the only way BaFin can ensure that strict compliance guidelines are adhered to in the ongoing trend toward IT outsourcing:
Find out more

Things to know

The Myra platform at a glance: Web Application Security:

Injection attacks, malware attacks, manipulative bot requests, and more: Online services today are exposed to a wide range of threats that need to be systematically addressed. As an upstream protective wall, Myra Website Application Security protects the web applications of companies and government agencies from all of these kinds of attacks.
Find out more

The Myra platform at a glance: Web Intelligence:

Find out more

July 2020

IT-Security-Trends

Social Engineering: What the Twitter Hack Shows Us:

Attackers have successfully hacked countless celebrity and corporate accounts on Twitter and used them for bogus spam messages. The cause was not a vulnerability in Twitter’s systems, but a successful social engineering attack on one of the service’s employees. You can find out more about the attack here:
Find out more

Digitization in Health Care in Demand as Never Before:

International studies have shown that patients are increasingly demanding digital treatment methods such as telemedicine, health apps, and AI-supported diagnostics programs. The basis for successful digitization in the health care sector, however, is IT security, data protection, and compliance.
Find out more

Apart from Critical Infrastructure, Infrastructure Providers Are Often Easy Prey:

Hackers have succeeded in stealing and releasing customer and employee data from an energy supplier in Mainz. Like many other municipal providers, which due to their size do not fall within the definition of critical infrastructure, the company does not have to meet the high standards set out in German IT security legislation.
Find out more

Ransomware Security Measure Hobbles Lower Saxony’s Tax Offices:

In order to avoid being infected by Emotet and other types of malware, the tax authorities of Lower Saxony have, since the beginning of the year, stopped processing e-mails with file attachments or links. A secure environment for the quarantined opening of such content is presumably in the test phase.
Find out more

Cybercrime

Credential Stuffing: The Underrated Risk:

Even in spectacular security breaches, hackers don’t usually overcome any technical security hurdles, but instead often simply misuse normal login details.
Find out more

Windows POS Malware Uses DNS to Steal Credit Card Information:

A new type of malware uses the DNS protocol to steal credit card data and payment information from cash register systems without being detected. The stolen information can be used directly for transactions or even to clone credit cards.
Find out more

Cybercrime: What’s behind Digital Crime?

With increasing digitization, cybercrime continues to gain momentum and causes billions in damages to the economy, government, and society at large. Learn more about the multilayered threat from the Internet here:
Find out more

GDPR Shows Its Teeth:

Last year, about two-thirds more breaches of the General Data Protection Regulation were reported in Europe. In most cases, the violations involved unauthorized access to personal data through cyberattacks, tampering and sabotage, and the loss of non-secured mobile devices and laptops.
Find out more

Things to know

The Myra Platform at a Glance: Multisite Load Balancer:

Delayed access or even total failure of web applications and online services are unacceptable in a professional environment. Multiple redundant server systems and data centers provide a remedy for such problems. Without smart distribution of access, however, even such concepts are of little help.
Find out more

The Myra Platform at a Glance: Content Delivery Network:

What counts most on the Internet are speed and stability. If, in contrast, there are delays in loading websites or using web applications, most users leave after a few seconds and look for alternatives. That’s why companies cannot afford to sacrifice performance when doing business online.
Find out more

The Myra Platform at a Glance: DDoS Protection:

Myra DDoS Protection is an integral part of our certified Security-as-a-Service platform. The solution, developed and operated in-house, reliably and fully automatically protects web applications, websites, DNS servers, and IT infrastructure.
Find out more

June 2020

IT-Security-Trends

With Cybercrime as a Service, digital attacks become a service:

Anyone who now wants to digitally target companies no longer has to get their fingers dirty. Cyber attacks are offered as a service on the Darknet.
Find out more

DNS attacks cost companies an average of EUR 920,000:

In Germany, the financial harm caused by DNS-based attacks on companies amounts to an average of EUR 920,000. According to IDC, phishing and DDoS attacks are among the most common types of attack.
Find out more

Why captchas alone are not enough:

Captchas protect web applications from malicious access by bots and spammers. However, the plus in security comes at the price of disadvantages in accessibility and usability. The little image and audio puzzles also present an obstacle for some human users.
Find out more

Incomplete digitization in the insurance industry:

According to a recent YouGov study, insurers score only average on the digital transformation. While data protection and IT security were rated by the majority, there were shortcomings in the user experience.
Find out more

Social engineering and phishing in perfection:

Cybercriminals forge business e-mails and websites with ever increasing precision. At first glance, the malicious fakes cannot be distinguished from the originals. Awareness and a trained eye are required to reliably spot phishing.
Find out more

SMEs underestimate the risks:

German small and medium-sized enterprises are increasingly becoming the focus of cybercriminals. Compared to larger companies, however, medium-sized companies are rarely reliably protected against attacks, and there is often a lack of awareness of the problem.
Find out more

Cybercrime

Major raid against users of Darknet platform:

More than 1,400 police officers throughout Germany were involved in a major raid against users of Crimenetwork, the illegal online platform. In over 200 searches, more than 300 TByte of data material was seized, allegedly providing evidence of drug and arms trafficking, botnets, credit card abuse, and other crimes.
Find out more

Computer virus shuts down Berlin Court of Appeal for nine months:

The majority of the roughly 150 judges of the Berlin Court of Appeal have been unable to work for about nine months because their recently purchased laptops cannot be securely connected to the court’s internal network due to a lack of VPN (via Fefe).
Find out more

Financial service providers in BaFin’s sights:

In its journal, the Federal Financial Supervisory Authority (BaFin) regularly draws attention to shady characters on the financial market who have attracted attention through questionable products and illegal practices. The black sheep at a glance:
Find out more

Things to know

IT Security Act: Big update coming up:

The IT Security Act is getting a major update in order to bring the catalogue of requirements and also the BSI itself into line with the current level of threat. In essence, the current draft law for IT Security Act 2.0 provides for an active protective role of the BSI for the government, economy, and public.
Find out more

SOC: Where all threads of cybersecurity come together:

In the Security Operation Center (SOC), IT specialists continuously analyze and evaluate all security-related data of corporate IT. The SOC’s primary task is to proactively identify and close possible vulnerabilities in systems and to actively initiate countermeasures in case of cyber attacks.
Find out more

May 2020

IT-Security-Trends

Cybercriminals exploit corona crisis for attacks:

While COVID-19 is causing a global state of emergency, cybercriminals and hacker groups are taking advantage of the situation to target critical services. In addition to the public sector, the healthcare and financial industries are also affected by the attacks:
Find out more

Credential stuffing is increasingly becoming a problem for banks and payment service providers:

The systematic misuse of login data on the internet is one of the most frequently used tools of attack for cybercriminals. Online scammers are mainly looking for lucrative access for banking and payments.
Find out more

The Association of German Banks (BdB) sees a need for action:

Banks must expect much more sophisticated cyber attacks in 2020 than in the past. This is why coordinated measures for more IT security and industry-wide cooperation are now required:
Find out more

Mobile on the move:

Security-critical applications from the banking sector are also increasingly being used on mobile devices. There, it is important to create secure platforms for financial services:
Find out more

Cybercrime

Supercomputers under fire:

A number of European high-performance data centers had to disable access to their supercomputers due to hacker attacks. The SuperMUC facility at the Leibniz Supercomputing Center in Garching, the Hawk high-performance computer at the Stuttgart HLRS, and the Jureca system in Jülich were also affected. The background to the cyber attacks is currently still unclear:
Find out more

Major attack on WordPress:

In a large-scale attack campaign, a hacker group took aim at over 900,000 WordPress websites. The sites were to be taken over by cross-site scripting (XSS).
Find out more

Best Practice, Defense & Mitigation

Remote work requires security by design:

Working safely away from the office is commonplace in times of corona. User-friendly IT security provides practical protection.
Find out more

IT Security Act 2.0 makes BSI a powerful cyber authority:

The new draft for an expanded IT Security Act provides for the retention of log data, among other things. The office is also to be expanded by about 600 positions, according to plans by Federal Interior Minister Horst Seehofer (CDU):
Find out more

Cybersecurity and business must work in harmony:

Gartner analysts are calling for decision-makers to make IT security a business-critical area in companies. After all, cybersecurity decisions have a direct impact on business results – not least because of the impact of the corona pandemic:
Find out more

Things to know

What exactly does the BSI do?

The Federal Office for Information Security (BSI) is committed to the protection of IT systems in government agencies, companies, and private households. Find out what they do in detail here:
Find out more

There will be cybercriminals for as long as the money keeps rolling in:

Digital attackers usually act out of monetary interests. Current studies show that in 9 out of 10 cases cyber attacks are financially motivated:
Find out more
