Germany has launched an investigation into reports of a significant cyber threat believed to be linked to the BadBox Malware, which has allegedly infected over 192,000 devices across the country. These devices include a wide array of electronics, such as media players, digital picture frames, streaming devices, smart TVs, smartphones, and tablets. The malware is thought to have emerged as a new cyber threat, adding to the growing list of challenges posed by evolving digital security risks.

This latest development follows the earlier appearance of Malibot, another malicious software that has been targeting Android devices in recent months. Both of these cyber attacks are suspected to have originated from China, as reported by the HUMAN Satori Threat Intelligence team, a prominent cybersecurity organization based in New York.

Satori Intelligence, which collaborates with tech giants like Google and assists law enforcement agencies in neutralizing cyber threats, has been actively working to trace and dismantle these security breaches. The term “Satori” is derived from Japanese Buddhist philosophy, meaning “awakening” or “enlightenment,” symbolizing the organization’s mission to uncover hidden cyber threats and bring them into the light.

How BadBox Malware Works

The BadBox Malware is primarily affecting devices that are running outdated or unsupported operating systems, or those that have ceased receiving regular security updates. This makes them more vulnerable to cyber attacks. Interestingly, some cybersecurity platforms suggest that BadBox may be specifically targeting devices that are already compromised by Triada, a type of Android malware that was previously preinstalled on certain devices, leaving them exposed to further exploits.

According to reports from the German Federal Office for Information Security (BSI), which is leading the investigation into the infections, the malware is capable of a range of malicious activities.

These include:

Bypassing Traditional Security Features – BadBox can circumvent conventional security measures, such as antivirus software and firewalls, allowing it to gain deeper access to infected systems.

Data Exfiltration – The malware is capable of silently collecting sensitive information from infected devices and transmitting it to external servers, which could potentially include personal data, financial information, or business secrets.

Ad Fraud and Espionage – The malware can be used to hijack advertising networks for fraudulent purposes, potentially generating revenue for cybercriminals through illegal means. It can also facilitate espionage, allowing attackers to monitor and steal data from victims.

Ransomware Distribution – In addition to these activities, BadBox acts as a bot in a larger network, helping spread ransomware across connected devices, further exacerbating the impact of the attack. It can also serve as a proxy to evade surveillance by law enforcement and security agencies.

Protecting Yourself from Cyber Threats

As these attacks continue to evolve, experts emphasize the importance of regular device updates as one of the most effective defenses against malware like BadBox. Users are strongly encouraged to:

a.) Update devices regularly to ensure that they are protected by the latest security patches and bug fixes.

b.) Install reliable security software to provide an additional layer of defense against cyber threats.

c.) Be cautious about suspicious apps or downloads, particularly those from untrusted sources.

d.) Follow best practices for mobile security, such as using strong passwords, enabling two-factor authentication, and avoiding public Wi-Fi networks for sensitive activities.

Cybersecurity experts warn that the spread of BadBox and similar malware is a reminder of the constant need for vigilance in an increasingly digital world. With cybercriminals continually developing new methods to exploit vulnerabilities, users must stay proactive in safeguarding their devices and personal data.

Looking Ahead

The investigations into BadBox and Malibot malware are ongoing, and authorities are working to mitigate the impact on affected individuals and organizations. As the situation develops, the BSI and other cybersecurity agencies are expected to release further advisories and guidelines to help users protect themselves from these malicious attacks. The fight against such threats underscores the growing importance of global cooperation in cybersecurity, as well as the need for ongoing education and awareness around digital safety practices.

The post Germany Investigates BadBox Malware Infections, Targeting Over 192,000 Devices appeared first on Cybersecurity Insiders.

Deutsche Flugsicherung (DFS), based in Langen, Frankfurt, has recently experienced a cyber attack that had a minimal impact on its operations. As Germany’s Air Traffic Control agency, DFS has confirmed that its critical operations remained unaffected due to a robust business continuity plan.

Bayerischer Rundfunk, Munich’s official TV and radio broadcaster, has reported that the attack was carried out by a state-sponsored actor. Initial investigations have traced the attack to APT28, a notorious Russian hacking group also known as Strontium, Blue Delta, Pawn Storm, and Fancy Bear. This group was previously implicated in the 2015 cyber attack on the Bundestag.

Since 2007, this threat group has targeted various government, private, and military agencies. Notably, they were involved in the 2016 U.S. elections, which resulted in Donald Trump’s election as the 58th President of the United States.

Germany has faced an increase in cyber attacks, particularly since its support for Ukraine in the conflict with Russia. Reuters reports that Germany is now the third most targeted nation by Russian adversaries, following the United States and Australia.

In related cyber incident news, Bitkom, Germany’s leading digital association, has released a survey indicating that digital sabotage cost German companies approximately 267 billion euros in 2023—a 29% increase from 2022.

The survey highlights that about 70% of the affected companies were targeted by major cybercrime groups, leading to data theft, operational disruptions, and, in some cases, company closures due to data loss and subsequent legal issues.

Interestingly, China has emerged as the top adversary in terms of cyber threats to Germany, with Russia holding the second position.

The post Russia APT28 Cyber Attacks German Air Traffic Control appeared first on Cybersecurity Insiders.

Since August 14, 2024, the Federal Office for Information Security (BSI) in Germany has begun issuing security labels for IT devices. These labels provide a snapshot of the security level that users can expect from their devices.

In today’s digital age, smartphones and tablets used in corporate settings handle and store vast amounts of sensitive information, making them prime targets for hackers. To protect personal information such as photos, videos, documents, messages, and contacts, users require a certain level of security.

The BSI has introduced guidelines for manufacturers to qualify for these IT security labels. To earn a label, manufacturers must ensure their products, components, and services adhere to specific security standards.

Key requirements include:

a.) Identifying and addressing vulnerabilities promptly.
b.) Maintaining transparency about data collection, analysis, and storage practices.
c.) Informing users about the use of components like microphones, cameras, and location sensors.
d.) Clearly outlining permissions required by pre-installed mobile apps for accessing information such as camera, contacts, microphone, location, messages, and gallery.

Privacy advocates emphasize that these guidelines should not only be established in theory but should be rigorously applied by manufacturers.

The need for such IT security labels extends beyond Germany, as digitalization becomes increasingly pervasive worldwide. These labels provide valuable insights into the cybersecurity measures of devices, helping both consumers and businesses make informed decisions and fostering trust in the products they use. Thus, these labels not only enhance business reputations but also ensure that consumers can use products with greater confidence.

The post Germany offers Cybersecurity Labels for mobile devices appeared first on Cybersecurity Insiders.

In recent times, many developed nations such as the United States, the United Kingdom, Canada, and Australia have refrained from publicly identifying their cyber adversaries, understanding that doing so might inadvertently provide these adversaries with a significant advantage on the global stage.

However, there has been a significant shift in this approach as Germany steps forward to become the first nation to officially criticize both Russia and China for the notable increase in cyber attacks targeting its national infrastructure. These attacks have surged by an alarming 37%, resulting in a staggering annual economic loss of $224 billion (€206 billion). The most common forms of cyber attacks encountered by Germany include data theft, network disruptions, and espionage.

A study conducted by Bitkom, the digital watchdog based in Berlin, revealed that nearly 46% of cyber attacks witnessed last year against German companies originated from Russia and China. Out of the 1,000 recorded digital assaults, over 33% were attributed to Russia, while China accounted for 23% of the attacks.

The concerning trend indicates that the attack rate is expected to further escalate in the current year, 2023, with ransomware attacks driven by increasing sophistication constituting the majority of recorded offenses. These attacks are projected to result in annual economic losses of approximately $160 billion for companies unless concerted efforts are made by both the government and private sector to effectively counter and prevent these state-sponsored attacks.

A perplexing aspect highlighted in this survey is that 38% of the victimized companies, even after launching a third-party forensic investigation, were unable to pinpoint the exact origin of the attacks. This underscores the ability of hackers to obfuscate their activities, whether by using advanced technology or by hiring criminals from other developing nations to disrupt national computer networks.

Sinan Selen, the Vice President of German Domestic Intelligence Services, emphasized that only 3% of these attacks were successfully detected. The origin of the other attacks remains challenging to trace, as hackers employ tools that are exceptionally difficult to monitor, making it nearly impossible to identify their location of origin down to a specific district or province.

The post Germany witnesses $224Bn yearly economy loss with Cyber Attacks appeared first on Cybersecurity Insiders.

Russia launched a war on its neighboring country Ukraine on February 24, 2022. The Zelenskyy-led nation still has not surrendered to Moscow, largely because of extensive support from the West in the form of arms and ammunition, essential supplies and, of course, funds.

As the war approaches its one-year mark, Putin has intensified it by attacking the civilian population since December last year.

At the repeated requests of Volodymyr Zelensky, the President of Ukraine, nations such as Germany, the UK, the USA and Australia have started sending battle tanks to Kyiv to support its fight against the Russian forces.

In retaliation, the Kremlin appears to have chosen to take vengeance through cyber attacks against the West, and the first nation to be targeted was Germany.

According to a press release from the Federal Cybersecurity Agency (BSI), all websites related to major airports, companies and government agencies are being hit by distributed denial-of-service (DDoS) attacks.

BSI predicts that more such digital attacks are expected in the coming weeks and anticipates that the finance sector may be the next to see disruption.

Killnet, the Kremlin-funded hacking group, has claimed credit for the attack and announced that all Western countries involved in supplying arms such as Leopard 2 tanks to Ukraine will face a tough time ahead.

Meanwhile, Zelensky has ruled out peace talks with Moscow, insisted that the war may last until March this year, and expects France and Macron to support his nation by sending AMX-10 RC armored combat vehicles, fighter jets, Challenger 2 tanks and US-manufactured M1A2 Abrams tanks.


The post Russia starts cyber attacks on the West with Germany for supporting Ukraine appeared first on Cybersecurity Insiders.

Germany’s cybersecurity chief was sacked from his post on Tuesday this week, following media reports that he had links with the Kremlin. Arne Schönbohm will remain suspended from his federal duties until further notice.

Nancy Faeser, the spokesperson of the Interior Ministry, confirmed the incident and added that Mr. Schönbohm’s suspension was justified on grounds of the neutrality and impartiality required of him in his leadership as President of the agency.

Interestingly, Schönbohm worked for a Russian firm named Protelion until 2016 and thereafter headed the government’s computer and communications security agency. He remained in office until the beginning of this year, when media reports picked up on Jan Böhmermann’s satirical comedy show, which had highlighted the links of the head of cybersecurity.

Protelion has now been found to be a business subsidiary of Infotecs, a firm with links to Russian intelligence services.

As the investigation continues, details will be updated as soon as they are available.

Cyber Security Council Germany has expelled Protelion from its list of members and dismissed the media reports about lobbying and Russian influence on certain projects as completely false.


The post Cybersecurity chief of Germany sacked because of Russian links appeared first on Cybersecurity Insiders.

Someone's election-fiddling is uncovered with an Apple AirTag, a cyber scandal rocks Germany, and a swindler steals a fortune due to trains being delayed. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by runZero's Chris Kirsch. Plus don't miss our featured interview with Akamai's Patrick Sullivan talking about bots in the retail sector.

A ransomware attack on the German newspaper ‘Heilbronn Stimme’ has halted the distribution of its newspapers, including a 28-page e-paper, since Friday last week. Although the company tried to cope by printing the missed edition as an emergency six-page issue, it did not publish any sensitive news, as the pages were already filled with the obituaries and classifieds that had been due to run in the edition of October 14th, 2022.

As the communication and phone lines were down, ‘Heilbronn Stimme’ staff were urged to work from home. Some staff members were assigned temporary email addresses and asked to use WhatsApp to stay in touch with administrators, other staff members and journalists.

Since the publisher’s print run of 75,000 copies was halted, most readers turned to the website for news articles, taking the usual count of 2 million visitors per month to a little over half a million per day.


Reports indicate that publishing subsidiaries such as Pressedruck, Echo and RegioMail were also affected by the file-encrypting malware, and the business loss cannot yet be estimated.

Because Germany is supporting Ukraine in its war with Russia, suspicion about who is behind the attack currently points towards Moscow.

Law enforcement agencies from Baden-Württemberg, in coordination with forensic experts from a cybersecurity firm, are investigating the incident.

It remains unclear whether the publishing firm will pay a ransom to decrypt its databases. Meanwhile, the emergency editions are being produced by a third-party media firm based in Karlsruhe.


The post Ransomware attack halts circulation of newspapers in Germany appeared first on Cybersecurity Insiders.

Have you ever confused your acronyms? Perhaps you have laughed when someone has had to explain some of the acronyms used in text messages. Business, and especially technology acronyms are almost as plentiful as text acronyms. There are few things as embarrassing as being in a business meeting, and mistaking one acronym for another. This […]

The post What is Bundesamtes für Sicherheit in der Informationstechnik (BSI)? appeared first on The State of Security.