KW 39: Hacker attack on Federal Statistical Office, Cyber criminals are now phishing with HTML files, Deceptive threat to individuals and businesses

NEWS

Hacker attack on Federal Statistical Office: According to a report by Business Insider, there was a hacker attack on Germany’s Federal Statistical Office last week. Software was installed that allowed „external access to servers and file systems.“ The President of the Federal Statistical Office, Georg Thiel, is also the Federal Election Commissioner. But according to the Ministry of the Interior, the internal election server was not affected. Who is behind the cyberattack is not yet known. The Federal Office for Information Security (BSI) has no indication so far that there has been any manipulation or data leakage, according to a spokesperson for the Federal Statistical Office.
golem.de, spiegel.de

Cyber criminals are now phishing with HTML files: Spam filters and anti-virus software make life difficult for fraudsters and criminal hackers. To avoid them, they have now come up with a new method with HTML phishing. The first thing that lands in the inbox is a trustworthy-looking e-mail. The attachment to the e-mail contains an .htm file. This is a type of file that can normally be opened without concern. In the fraudulent version, a website opens first, asking the recipient to log in with their email address and password. The e-mail address is obligingly already filled in. If you also enter the password and click on „Login“, the website sends all the data on – directly to a website created by the fraudsters. To protect yourself, you should never open links from unknown sources, and mark any suspicious emails as spam.
netzwoche.ch

Deceptive threat to individuals and businesses: Deepfakes are videos, images or sounds created with the help of artificial intelligence that look real even though they are fakes. The technology has made another leap forward in recent years, making it almost impossible to tell the difference between well-made deepfakes and the real thing. This offers cybercriminals around the world a new starting point for social engineering attacks. Deepfake expert Dr Lydia Kostopoulos believes that the technology is now so good that anyone with enough patience, time and computing power can use it. She says it is very likely that cybercriminals will use these technologies because the technology is becoming more and more accessible to the public.
spiegel.de, zdnet.de

– Advertisement –
IoT – Ticker -The physical world meets the digital one. Internet of Things as an interface that revolutionizes both the industry and everyday life. Get a weekly update from the world of „Internet of Things“. iot-ticker.net

BSI investigates possible security vulnerabilities in smartphones from China: Following Lithuania’s warning of security vulnerabilities and built-in censorship functions in Chinese mobile phones, Germany’s Federal Office for Information Security (BSI) launched its own investigations. The state center for cyber security in Vilnius had been particularly critical of a device made by the Chinese manufacturer Xiaomi because it was technically capable of censoring certain content on the built-in web browser. The censorship filter was not active, but could be switched on remotely. In the case of Huawei, the Lithuanians criticized the fact that the app store also linked to sources that were classified as unsafe by the agency.
faz.net, stern.de, tagesschau.de

More cyber attacks on Telegram: According to a study published in the Financial Times, Telegram is increasingly becoming the new favorite haven for cybercrime. According to the study, captured access data or hacking tools are offered and sold via the encrypted messenger service. Telegram thus offers „an increasingly important alternative to the Darknet“. Telegram only falls under Germany’s Network Enforcement Act (NetzDG) to a limited extent, which makes things easier for hackers. The operators of the app do not cooperate with the police and security authorities. Here, Telegram obviously differs significantly from other providers such as Facebook or Google. In addition, leaked data files are offered for sale on Telegram channels with tens of thousands of subscribers.
tagesschau.de, schieb.de

Cybercrime: This is how unsafe the internet is for some people: Disadvantaged groups, such as people with lower incomes and lower levels of education, feel less safe online and are more likely to be victims of an attack. They also experience greater emotional distress from cyberattacks, according to the report „The Demographics of Cybercrime“. The report found that only three percent of people in Germany with an income of less than 57,000 euros consider their data on the internet to be very safe – while this is true for as many as eleven percent of people with an income of more than 57,000 euros. Depending on the type of cybercrime, women report being exposed to threats more frequently than men.
wmn.de, europarl.europa.eu

Cybellum acquisition: LG invests in cyber security for the cars of the future t3n.de
Authentication: Secure login via cloud without password entry it-daily.net
Risk analysis: Hackers prey on the healthcare sector security-insider.de
Need for action: Demand from SMEs boosts German cyber security market it-daily.net
Espionage: Stasi tapped car phones in West Berlin since 1975 golem.de

– Advertisement –
African Edition – The weekly newsletter that provides you with hand-picked news about current discussions and news from Africa: from socio-political developments to African-European relations. The continent at a glance. african-edition.com

NUMBER OF THE WEEK

According to a data analysis, criminal hackers are increasingly using automated mass attacks. In contrast, targeted attacks in which hackers are still personally sitting at the computer are becoming rarer, according to the new „Cybercrime Report“ by the US company Lexisnexis. According to the report, between January and June, automated attacks with the help of bot networks increased worldwide by 41 percent to an estimated 1.2 billion individual cases, about half of which affected companies in the financial services sector. Non-automated hacker attacks decreased by almost 30 percent.
cio.de

BACKGROUND

Thinking like an attacker is first step towards cyber security: In the world of IT security, you don’t have to be a cyber criminal to catch one – but it is certainly beneficial to understand how attackers think. The goal of hackers is to make IT systems work against themselves. They get vulnerable systems and applications to support the theft of data and intellectual property, for example. One such design flaw was initially voice control in mobile devices. It allowed the user-friendly interface of voice assistants to be bypassed, and iPhones could be instructed to call numbers of the attacker’s choice or open a malicious website from which further malware could be downloaded and installed. Another significant vulnerability is insecure coding. This vulnerability occurs mainly when programmers do not follow the rules for secure coding – which is unfortunately very common in the software world. Vulnerability researchers must learn to think like an attacker. By analyzing vulnerabilities that attackers also look for, researchers can find potential loopholes and significantly improve the security situation of companies.
handwerk.com, it-daily.net

Economic warfare via cyberattacks on the internet: At the start of May 2021, one of the largest petrol pipelines in the US temporarily shut down its operations. Cyber criminals had succeeded in encrypting data of the operator Colonial Pipeline with a „ransomware“. They demanded a ransom for the surrender of the key with which the data could be restored. The company paid 4.4 million US dollars to the computer hackers – in Bitcoin. With the cryptocurrency, the identity of the recipient remains unknown for the time being, which makes it difficult to trace the attack. The example shows: criminals are increasingly using the internet to prey on people, as Professor Christian Rossow, senior scientist at the Helmholtz Center for Information Security (CISPA) in Saarbrücken, also confirms. Currently, ransomware is one of their most popular tools. In addition to criminal organizations, numerous states are also active as attackers in cyberspace. Espionage and sabotage are most common. Governments, offices and companies offer a large attack surface with their diverse IT systems. But critical infrastructures such as electricity and water supply as well as IT and telephone networks are also likely to be the first targets of attack in a cyber war. Their protection is therefore particularly important.
helmholtz.de

QUOTE

„We are trying to survive.“
Huawei’s acting CEO Eric Xu said of the handling of Lithuania’s security warnings and the ongoing US sanctions.
businessinsider.de

SECURE?

Limited edition Pokémon Oreo cookies are being listed for thousands on eBay: How much would you pay for an Oreo cookie? For some, the answer could be thousands of dollars — as one hard-to-find Oreo cookie featuring a rare Pokémon is fetching a hefty price tag on eBay. The new Oreo collaboration with Pokemon debuted earlier this month, with cookies featuring various Pokémon embellished into the chocolate. But some cookies are more rare than others — with some Oreos featuring the extremely uncommon Mew, a psychic mythical Pokémon.
kcra.com

Newsletter subscription

Subscribe to our free weekly newsletter for a compact overview of safety and security topics:

Safety-Security-Ticker

More digital news briefings

Our political briefings