This is why public institutions in particular are the target of cyber attacks

A large number of cyber attacks hit public institutions and authorities in 2019. The administration of the city of Frankfurt am Main, the Berlin Chamber Court and the administration of Neustadt am Rübenberge are just three examples that show the catastrophic consequences that an infestation with malware can have for authorities. In all these cases, it was the banking Trojan Emotet – the most dangerous malware in the world at the moment, according to the Federal Ministry for Information Security (BSI) – that was able to paralyze these authorities and in some cases still does so.

Even less than six months after the Emotet infestation, the Berlin Chamber Court is largely offline. Neustadt am Rübenberge was also badly hit, because when the attack hit the city hall in September 2019, the hackers were able to encrypt most of the files. Administrative work came to a virtual standstill: construction projects, marriages and payments of parental allowances were no longer possible.

What makes public institutions so interesting for cybercriminals?

Money or life

With the spread of ransomware, the hackers in most cases pursue a goal: the extortion of ransom. Public institutions are particularly interesting here, since life in cities and municipalities depends on their functioning. In some areas, this can even be taken literally; let us think only of the health sector.

Especially in times of the Corona pandemic, it becomes clear how irreplaceable medical infrastructures are – at the moment, countless lives around the world depend on how effectively their respective health systems work. Infestation of administrations with malware can bring collaboration, information exchange, and organization to a standstill. Added to this are the consequences that hospital infestations can have — the Fürth Clinic is just one example from last year.

Accordingly, the hackers assume a greater willingness of the victims to pay ransom in order to be able to use affected systems again as quickly as possible. And they proceed systematically: the perpetrators often look around the networks first and adjust the ransom individually to the solvency and sensitivity of the found data and systems.

However, at the federal and municipal level, there are in many cases legal requirements or administrative provisions which strictly prohibit the payment of ransoms. One does not want to signal to the blackmailers that their trick could succeed; otherwise the number of blackmail attempts will only increase, according to Helmut Dedy of the German Cities Day.

In the case of Neustadt am Rübenberge, however, it is still unclear whether ransom was ultimately paid.

Sensitive data

But it’s not always about money. If the cybercriminals do not pursue financial goals, there is a whole range of motivations: attracting attention (to put more pressure on later attacks) or political goals (to disrupt infrastructures), for example.

According to the federal and state data protection officers, government data, personnel or health data or other sensitive information were leaked during attacks in 2019. Basically, “it must be assumed that attacks lead to a data outflow when hackers could use the Emotet Trojan as a gateway,” the data protection officials said.

Even in the case of the Berlin Chamber Court, the data itself was apparently the target of the hackers. According to the forensic report, the attack was “clearly set up on data outflow”. While it is unclear whether the court documents could end up in the hands of the criminals, this cannot be ruled out.

The Berlin Chamber Court handles a wide range of legally relevant data: clear names of leniency witnesses, information on ongoing proceedings and other information on which financial penalties or prison sentences may depend. And these, too, can be worth a lot of money if they fall into the right — or wrong — hands.

Why are public institutions so often victims of cyberattacks?

Rigid structures, outdated technology

Even healthy, medium-sized companies often have difficulty keeping their IT infrastructures up-to-date. The area of cybersecurity in particular is often neglected, as the importance of protection against cyberattacks is not recognised and investments in an effective cybercrime protection concept are not approved.

This is all the more problematic as the malware used evolves faster and faster, creating new threats. Rapid and flexible response has become a prerequisite for protection from cyberattacks. Public institutions are particularly vulnerable here, as the problems of lacking budgets are joined by bureaucratic obstacles which make it impossible to fend off cyberattacks. Outdated IT systems and poor security concepts then lead to vulnerabilities that can be exploited by cybercriminals and make the success of such serious attacks possible.

Example of the Berlin Chamber Court

The court did not have its computers looked after by the ITDZ, the central service provider for the information and communication technology of the Berlin administration, because the judicial authorities of the Länder work independently on the basis of the federalist structures and the principle of the separation of powers also in the field of IT security. The Court of Appeal insisted on the use of its own data centre. A mistake, as Chamber Court President Pickel now admits.

Numerous attack vectors

By definition, public institutions serve the public interest and are made accessible to their inhabitants, and this is increasingly enshrined in law. The Act on improving online access to administrative services (Online Access Act) obliges, for example, the federal government, the Länder and municipalities to offer their administrative services digitally via administrative portals by the end of 2022.

The growing digitalization is leading to a large number of publicly available online offers and, at the same time, to an increasing number of employees exchanging (sensitive) data. This gives cybercriminals an ever-increasing attack surface: With the amount of offers available online, the amount of potential technical vulnerabilities and the risk of human error are also growing, especially if employees are not sufficiently sensitized to attacks.

Webinar with Andreas Arbogast, Prevention Specialist Cybercrime at the State Criminal Office NRW and Stefan Cink, Business Unit Manager NoSpamProxy.


Countering cyberattacks on public institutions

The BSI also underlines the importance of this employee awareness, which is a useful first step on the road to IT security. However, Emotet emails (and other malware-infested emails) now look very authentic, so only a powerful spam filter really protects against cyberattacks.

It is high time for public institutions to take action against cyber attacks. An e-mail security gateway is mandatory here, because only in this way are these facilities as well as the data of the residents and employees protected from the current threats.

NoSpamProxy already protects federal agencies

The vast majority of viruses use e-mail as a springboard into the company. NoSpamProxy already protects many public institutions — including two federal agencies — with a variety of security features, such as the Safeguard URL, sandbox service, or extensive reputation filter. Emotet infections and threats from other malware are thus reliably repelled. NoSpamProxy is developed exclusively in Germany and bears the “IT Security Made in Germany” seal of approval of the TeleTrust association. Request your trial now!