Cyber extortion remains the most dangerous threat

February 2, 2023, by Horst Buchwald


Bonn, February 2nd, 2023


A single click on a link in an e-mail can trigger a chain reaction: the link may lead to a fake website designed to steal highly sensitive data, or to a malicious program that settles unnoticed into your company's network. This literally opens the door to so-called ransomware, which then infects computers and devices on the network and encrypts data. Ransoms are often extorted for the release of such data, but almost as often the trouble does not end once the money has been paid, because the data remains encrypted or is published.

The fact that there are many such cases is shown not only by the current BSI situation report, which shows that cyber extortion remains one of the greatest threats, but also by this newsletter.

So it remains a current problem, even if the "revenue" from such attacks tends to decrease, as we also report today.


Jan Lammertz / Team BSI

1. The Life of Hive

"Security authorities in the USA and Germany have broken up a global network of computer criminals," reports Deutschlandfunk, among others. The "Hive" group is responsible for more than 1,500 cyber attacks on companies and public institutions worldwide, including those with ransomware. According to estimates by the investigative authorities, the damage caused by the group is in the billions. On ZDF, however, cyber expert Sandro Gaycken expressed skepticism about the success of the search: It was not announced whether arrests had been made. In addition, it is "unlikely," said Gaycken, "that the people behind it will be found and identified." Therefore, the expert expects that Hive will only be out of action for a few months.

BSI information on ransomware: https://www.bsi.bund.de/DE/Themen/Unternahmen-und-Organisationen/Information-und-Empfehlungen/Empfehlungen-nach-Gefaehrdungen/Fortstufenliche-Angriffe/Fortstufenliche-Angriffe_node.html

Deutschlandfunk for breaking up Hive: https://www.deutschlandfunk.de/weltweit-agendes-hackernetzwerk-hive-zerschläge-104.html

ZDF classification of the success of the search: https://www.zdf.de/nachrichten/digitales/faq-hive-cyber-kriminalitaet-100.html



2. Free protective material from the federal government

Citizens residing in Germany can order a cover for their webcam from the Federal Ministry for Family Affairs, Senior Citizens, Women and Youth (BMFSFJ), free of charge and with no shipping costs. inside digital reports on this rather little-known service of the federal government. If you look around on the ministry's website, you will also find links to numerous brochures that deal constructively with children's media skills.

We at the BSI also have some publications for your cyber security: https://www.bsi.bund.de/DE/Service-Navi/Publikationen/Broschueren/broschueren_node.html

Service offered by the Federal Ministry for Family Affairs, Senior Citizens, Women and Youth (BMFSFJ): https://www.bmfsfj.de/bmfsfj/service/publikationen/webcamsticker-karte-top-secret-96100

Inside digital report on free protection material: https://www.inside-digital.de/ratgeber/bundesregierung-kostenloses-datenschutz-pakete-webcam


3. Cyber criminals extort fewer ransoms

Cyber criminals made significantly less money from ransomware last year than in the previous year, reports Heise Online. According to a study by the analysis company Chainalysis, hackers were able to extort ransom payments of around 456.8 million US dollars in 2022. In the previous year it was still 756.6 million US dollars. This corresponds to a decrease of around 40 percent. However, according to the analyst firm, this is not an indication of the decline in crime, but rather of the dwindling willingness of victims to pay ransoms.

The BSI expert Robert Formanek summarizes the threat posed by ransomware in a video from the "IT Security Compact" series: https://www.bsi.bund.de/DE/Themen/Verwachsenerinnen-und-Verwachsener/Cyber-Sicherheitslage/ Cybercrime-methods/Malware/Ransomware/ransomware_node.html

Heise Online on the slump in sales for cyber criminals: https://www.heise.de/news/Studie-Ransomware-Gauner-machten-2022-40-Perzent-weniger-Umsatz-7466300.html


Microsoft blocks Excel macros

So-called Excel add-ins (recognizable by the file extension ".xll") can functionally extend the spreadsheet from Microsoft. However, these extensions can also contain malicious code and malware that cybercriminals can use to gain access to corporate networks. Microsoft has therefore identified the Excel add-ins from the Internet as a threat and intends to block them from March 2023. This is reported by Heise Online. The block applies to the Excel versions in Office 365 on the desktop and in the cloud.

Heise Online on the end of Excel add-ins: https://www.heise.de/news/Microsoft-schiebt-Excel-Add-ins-aus-dem-Netz-den-Riegel-vor-7471712.html


6. Lexmark printer security vulnerability

Lexmark warns of security gaps in its printers: "Newer models allow attackers to inject and execute malicious code," writes Heise Online. Among them is a critical vulnerability that could be exploited by cyber criminals to provoke arbitrary code execution on the device. However, there are already updates that can be used to close all current security gaps.

Heise Online about critical security gaps in Lexmark printers: https://www.heise.de/news/Kritische-Sicherheitsluecke-Neuere-Lexmark-Drucker-ermoeglich-Codeschmuggel-7470640.html
Updates from Lexmark: https://support.lexmark.com/de_de.html


7. High-risk security breach at Cisco

Heise Online also reports on a high-risk security leak in Cisco's Unified Communications Manager. Attackers could inject SQL commands via gaps in the program and thus compromise systems. Updates are already available here as well.

Heise Online on the Cisco leak: https://www.heise.de/news/Cisco-Hochriskantes-Sicherheitsleck-in-Unified-Communications-Manager-7465203.html

Cisco Support Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n


-------------------------------------------------
Good to know


8. Ransomware explained
The BSI explains how ransomware gets onto your devices and how you can protect yourself in a clear video: https://www.bsi.bund.de/SharedDocs/Videos/DE/BSI/VerwachsenerInnen/ransomware-erklaert.html
The current issue of the BSI magazine "Mit Sicherheit" also deals in detail with blackmail software: What happens when a ransomware incident is reported? How do we know what countermeasures are necessary in the event of a ransomware attack? And what do cybercrime and the economy have in common? You can download the magazine as a PDF free of charge: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Magazin/BSI-Magazin_2022_02.html
Heise Online, on the other hand, is trying a more historical approach: The online magazine traces the history of ransomware on its website and has to look back to the 1980s.
Heise Online - "Ransomware - from malicious code on diskette to modern strategies": https://www.heise.de/news/Lesetipp-Ransomware-vom-Schadcode-auf-Diskette-bis-zu-modernen-strategien-7442338. html
Even if the historical roots of ransomware seem almost cute: Such programs have never been harmless. The online portal ZDnet reports on the "real cost" of ransomware, meaning not only the immediate financial impact of an attack, but also the "psychological damage and other effects ransomware can have on victims and society in general."
ZDnet about "The real costs of ransomware": https://www.zdnet.de/88404956/die-real-costs-of-ransomware/


-------------------------------------------------
Practically safe


9. How to protect yourself from ransomware

Even a moment of inattention can be enough to fall victim to a ransomware attack. The consequences can be fatal: Illegal account debits, services are no longer available, IT comes to a standstill and often cannot even be restarted by paying a ransom. The following security measures will help protect you from ransomware attacks.
Always keep operating systems, apps and virus protection programs up to date and close all potential security gaps in your systems and devices with updates and patches.
Set up two-factor authentication whenever possible.
Use protected connections for network access, so-called Virtual Private Networks (VPN).
If possible, do not open e-mails in the so-called HTML display, but in a "plain text" or "text only" display. This protects you from macros and hidden links. If that is not possible, try to stop active content from running.
Be extra careful when clicking on links and opening attachments in emails!
Make regular backups of your most important data and store these backups on sticks or external hard drives that are not permanently connected to your network. In this way, you can quickly access your data again even in the event of a successful attack.

Further information on how to defend against ransomware attacks can be found at the BSI: https://www.bsi.bund.de/DE/Themen/Unterhalt-und-Organisationen/Cyber-Sicherheitslage/Analysen-und-Prognosen/Ransomware-Angriffe/Top -10-ransomware-measures/top-10-ransomware-measures_node.html


-------------------------------------------------
by the way

Although cyber criminals were able to extort fewer ransoms than in the previous year, according to a study by the analysis company Chainalysis, almost 80 percent of victims of ransomware attacks still pay the ransom money, writes the portal B2B-Cybersecurity, citing the IDC study "Cybersecurity in Germany 2022". According to this, 49 percent of the victims pay because, from their point of view, it "simply goes faster". Another 18 percent are afraid that their data will be published, and another 12 percent don't want to admit that their protective mechanisms have failed. Incidentally, the BSI strongly advises against paying such ransoms because they offer no guarantee that the data will then be released again. In addition, successful attacks attract imitators.

B2B cyber security on ransom payments after ransomware attacks: https://b2b-cyber-security.de/cybersecurity-2022-fast-80-percent-der-ransomware-opfer-zahlen/


Would you like more security tips and information for your everyday digital life? https://www.bsi.bund.de/DE/Themen/Verwachsenerinnen-und-Verwachsener/ Verbraucherinnen-und- Verbraucher_node.html

https://social.bund.de/@bsi