• Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
  • English English English en
  • Deutsch Deutsch German de
Sales: +49 5251 304-800 | Support: +49 5251 304-636
NoSpamProxy
  • HOME
  • PRODUCT
    • NoSpamProxy Cloud
    • NoSpamProxy Protection
    • NoSpamProxy Encryption
    • NoSpamProxy Large Files
    • NoSpamProxy Disclaimer
  • SUPPORT
    • Knowledge Base
    • Forum
    • Training courses
    • Support Request
    • Software-Download
    • Resources
  • PARTNERS
    • Finding Resellers
    • Becoming Reseller
    • Partner Portal
  • COMPANY
    • Team
    • Testimonials
    • Career
    • Contact
  • EVENTS
    • Events
    • Webcast Training
  • BLOG
  • FREE TRIAL VERSION
    • Price request
    • Free trial version
  • English
    • Deutsch
  • Search
  • Menu Menu
  • Berliner Kammergericht Cyberangriffe öffentliche Einrichtungen

This is why public institutions in particular are the target of cyber attacks

A large number of cyber attacks hit public institutions and authorities in 2019. The administration of the city of Frankfurt am Main, the Berlin Chamber Court and the administration of Neustadt am Rübenberge are just three examples that show the catastrophic consequences that an infestation with malware can have for authorities. In all these cases, it was the banking Trojan Emotet – the most dangerous malware in the world at the moment, according to the Federal Ministry for Information Security (BSI) – that was able to paralyze these authorities and in some cases still does so.

Even less than six months after the Emotet infestation, the Berlin Chamber Court is largely offline. Neustadt am Rübenberge was also badly hit, because when the attack hit the city hall in September 2019, the hackers were able to encrypt most of the files. Administrative work came to a virtual standstill: construction projects, marriages and payments of parental allowances were no longer possible.

  • Darum sind vor allem öffentliche Einrichtungen Ziel von Cyberkriminellen

What makes public institutions so interesting for cybercriminals?

Money or life

With the spread of ransomware, the hackers in most cases pursue a goal: the extortion of ransom. Public institutions are particularly interesting here, since life in cities and municipalities depends on their functioning. In some areas, this can even be taken literally; let us think only of the health sector.

Especially in times of the Corona pandemic, it becomes clear how irreplaceable medical infrastructures are – at the moment, countless lives around the world depend on how effective their respective health systems work. Infestation of administrations with malware can bring collaboration, information exchange, and organization to a standstill. Added to this are the consequences that hospital infestations can have — the Fürth Clinic is just one example from last year.

Accordingly, the hackers assume a greater willingness of the victims to pay ransom in order to be able to use affected systems again as quickly as possible. And they proceed systematically: the perpetrators often look around the networks first and adjust the ransom individually to the solvency and sensitivity of the found data and systems.

However, on federal and municipal level, there are Level in many cases legal requirements or administrative provisionswhich strictly prohibit the payment ofransoms. , in denen das Zahlen von Lösegeld strikt untersagt wird One does not want to signal to the blackmailers that their trick could succeed — otherwise the number of Blackmail attempts are only increasing, according to Helmut Dedy of the German Cities Day.

In the case of Neustadt am Rübenberge, however, it is still unclear whether ransom was ultimately paid.

Sensitive data

But it’s not always about money. If the cybercriminals do not pursue financial goals, there is a whole range of motivations: attracting attention (to put more pressure on later attacks) or political goals (to disrupt infrastructures), for example.

According to the federal and state data protection officers, government data, personnel or health data or other sensitive information were leaked during attacks in 2019. Basically,”it must be assumed that attacks lead to a data outflow when hackers could use the Emotet Trojan as a gateway,” the data protection officials said.

Even in the case of the Berlin Chamber Court, the data itself was apparently the target of the hackers. According to the forensic report, the attack was“clearly set up on data outflow“. While it is unclear whether the court documents could end up in the hands of the criminals, this cannot be ruled out.

The Berlin Chamber Court handles a wide range of legally relevant data: clear names of leniency witnesses, information on ongoing proceedings and other information on which financial penalties or prison sentences may depend. And these, too, can be worth a lot of money if they fall into the right — or wrong — hands.

  • Darum sind vor allem öffentliche Einrichtungen Ziel von Cyberkriminellen

Why are public institutions so often victims of cyberaattacks?

Rigid structures, outdated technology

Even healthy, medium-sized companies often have difficulty keeping their IT infrastructures up-to-date. The area of cybersecurity in particular is often neglected, as the importance of protection against cyberattacks is not recognised and investments in an effective cybercrime protection systemonzept are not recognised. not be approved.

This is all the more problematic as the malware used evolves faster and faster, creating new threats. Rapid and flexible response has become a prerequisite for the protection of can be protected from cyberattacks. Public institutions are particularly vulnerable here, as the problems of lack of budgeting are identified by bureaucratic obstacleswhich are make it impossible to fend off cyberattacks. Outdated IT systems and poor security concepts then lead to vulnerabilities that can be exploited by cybercriminals and make the success of such serious attacks possible.

Example Of the Berlin Chamber Court

The court did not have its computers looked after by the ITDZ, the central service provider for the information and communication technology of the Berlin administration, because the judicial authorities of the Länder work independently on the basis of the federalist structures and the principle of the separation of powers also in the field of IT security. The Court of Appeal insisted on the use of its own data centre. A mistake, as Chamber Court President Pickel now admits.

Numerous attack vectors

By definition, public institutions serve the public interest and are made accessible to their inhabitants — and are increasingly and legally enshrined in law. The Act on improving online access to administrative services (Online AccessAct) obliges, for example, thefederalgovernment, the Länder and municipalities to offer their administrative services digitally via administrative portals by the end of 2022.“.

The growing digitalization is leading to a large number of publicly available online offers and, at the same time, to an increasing number of employees exchanging (sensitive) data. This gives cybercriminals an ever-increasing attack surface:With the amount of offers available online, the amount of potential technical vulnerabilities and the risk of human error are also growing, especially if employees are not sufficiently sensitized to attacks.

Webinar with Andreas Arbogast, Prevention Specialist Cybercrime at the State Criminal Office NRW and Stefan Cink, Business Unit Manager NoSpamProxy.

Countering cyberattacks on public institutions

The BSI also underlines the importance of this employee awareness awareness,which is a useful first step on the road to IT security. However, emotet emails (and other malware-infested emails) now look very authentic, so only a powerful spam filter really protects against cyberattacks.

It is high time for public institutions to take action against cyber attacks. An e-mail security gateway is mandatory here, because only in this way are these facilities as well as the data of the residents and employees protected from the current threats.

NoSpamProxy already protects federal agencies

The vast majority of viruses use e-mail as a springboard into the company. NoSpamProxy already protects many public institutions— including two federal agencies — with a variety of security features, such as the Safeguard URL, sandbox service, or extensive reputation filter. Emotet infections and threats from other malware are thus reliably repelled. NoSpamProxy is developed exclusively in Germany and bears the “IT Security Made in Germany” seal of approval of the TeleTrust association. Request your trial now!

Try NoSpamProxy for free for 30 days
  • share 
  • share 
  • tweet 
  • email 

SEARCH

PRODUCT

  • All Topics
  • NoSpamProxy Cloud
  • NoSpamProxy Protection
  • NoSpamProxy Encryption
  • NospamProxy Large Files

Knowledge Base

Knowledge Base

Note: The information in this knowledge base is only relevant for NoSpamProxy up to version 13.2. All information for NoSpamProxy 14 and higher can be found in the online documentation.

CATEGORY

  • All Topics
  • News
  • Product
  • Tech & Support
  • Events
Subscribeto RSS Feed

NoSpamProxy

  • NoSpamProxy Cloud
  • NoSpamProxy Encryption
  • NoSpamProxy Large Files
  • NoSpamProxy Disclaimer
  • Price request
  • Team
  • Career
  • General terms and conditions
  • Data Protection Information for Business Partners and Applicants
  • Cybersecurity (PSIRT)

Partners

  • Becoming a reseller
  • Partners
  • Order Certificates
  • Newsletter

Categories

  • All topics
  • News
  • Support
  • Updates
  • Order certificates

Latest News

  • Info IconCritical Outlook vulnerability: No threat to NoSpamProxy customers24.03.2023 - 15:09
  • Default filter settings in NoSpamProxy 1422.03.2023 - 10:00
  • NoSpamProxy UpdateGlobal Rollout NoSpamProxy Version 14.0.515.03.2023 - 15:20
IMPRINT • EULA • Privacy Policy • © 2023 Net at Work GmbH
  • Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
Vulnerability in iOS App Mail: What you should do nowSicherheitslücke in iOS-App Mail: Was Sie jetzt tun solltenEmotet Mails 3 BeispieleInside Emotet: 3 current examples and how Project 32Guards can protect you
Scroll to top