
BSI Management Report on IT Security in Germany 2019: Danger especially for public authorities

According to the Federal Office for Information Security (BSI), the current threat situation in Germany is "highly strained". Particularly explosive for society as a whole: while corporations and institutes were once the targets of attacks, more and more public institutions are now among the victims of malicious software.

BSI President Arne Schoenbohm presented the report (in German) in Berlin and spoke of a "high-risk situation". The reporting period of the management report runs from June 2018 until the end of May 2019. During this time, BSI staff identified 114 million new variants of malicious programs. German network operators were sent 11.5 million reports of infections. In the government networks of the Federal Republic, 770,000 harmful emails were intercepted during the period. 300,000 malicious programs are added each day, many of which are based on Emotet.

The BSI considers Emotet a particularly dangerous threat to IT security. Recent reports from a highest court and a medical school show how fatal such an attack can be for the affected facilities. The damage often goes undetected for a long time: by the time the malicious program is detected on the infected system, contacts from address books and the content of emails may have been read out over many weeks and the malicious code distributed further. Deceptively real-looking messages from well-known distribution lists then carry the malware, which in turn downloads further malicious programs.

Emotet sends deceptively real-looking mails | Outlook Harvesting

What is termed "Outlook Harvesting" is nothing more than the broad, campaign-driven distribution of spam. In the worst case, it is planned and disguised so well that addressees receive messages that relate directly to previous, authentic communication with colleagues, business partners, family members or acquaintances. These authentic-looking messages, some with highly specialized content, are hard to recognize for recipients who are not sensitized to the subject. File names are deceptively real and malicious links are simply not recognized as such.
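One way to catch the sender impersonation described above is to compare the display name of an incoming message against the address that contact normally writes from. The following is an added example, not part of the original article or the BSI report; the address book, the sample messages and the function names are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> address seen in genuine mail (assumption).
KNOWN_CONTACTS = {
    "anna schmidt": "anna.schmidt@partner.example",
    "jonas weber": "j.weber@supplier.example",
}

# Constructed sample messages.
GENUINE = ("From: Anna Schmidt <anna.schmidt@partner.example>\n"
           "Subject: Re: Invoice 2019-10\nIn-Reply-To: <1@partner.example>\n\nHello")
SPOOFED = ('From: "Anna Schmidt" <office@unrelated.example>\n'
           "Subject: AW: Invoice 2019-10\nIn-Reply-To: <1@partner.example>\n\n"
           "Please see the attached document.")
UNKNOWN = "From: Newsletter <news@shop.example>\nSubject: Offers\n\nHi"

def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Return heuristic findings for one message; an empty list means nothing stood out."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    expected = contacts.get(name.strip().lower())
    findings = []
    # A familiar name on an unfamiliar address is the core signal.
    if expected and addr.lower() != expected:
        findings.append("display-name-mismatch")
        # Claiming to continue an existing conversation raises the priority.
        subject = msg.get("Subject", "").lower()
        if msg.get("In-Reply-To") or subject.startswith(("re:", "aw:")):
            findings.append("claims-existing-thread")
    return findings

def flag_messages(raw_messages):
    """Return (index, findings) for every message that should be reviewed."""
    results = [(i, check_sender(m)) for i, m in enumerate(raw_messages)]
    return [(i, f) for i, f in results if f]

if __name__ == "__main__":
    for index, findings in flag_messages([GENUINE, SPOOFED, UNKNOWN]):
        print(index, findings)
```

A hit is a reason to hold the message for review, not proof of compromise: contacts legitimately change addresses, and a message sent from an already infected contact's real account will pass this check.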

The main danger posed by Emotet is that the malicious programs it downloads not only read out logins but, in the worst case, establish remote access to the network. Common antivirus protection is usually ineffective against such attacks, because the malware is constantly modified and updated, whereas antivirus programs can only fend off known attackers. For example, the BSI recently reported that Emotet downloaded modules that made it possible to manipulate online banking. With these blackmail Trojans (also: ransomware), sometimes large ransom sums are demanded, and until the system is cleaned up, at worst production or the entire operation is paralyzed.

BSI President Arne Schoenbohm already commented on Emotet about a year ago: "Appropriate prevention can significantly reduce the risk of infection with Emotet." This is reflected in the protection measures from the Alliance for Cybersecurity (in German) that you can take.

Protection from Emotet | How to protect your organization and your business

1. Sensitize your employees to the dangers of malicious email attachments and broken links. Ideally, conduct regular training sessions in which you circulate fake messages from known senders that look as authentic as possible. Establish a process in which every user knows to whom conspicuous messages have to be reported.

2. Employee accounts should only be given minimum rights.

3. Make sure that applications, anti-virus programs and operating systems are updated, ideally automatically. Browsers, their plug-ins, mail clients, office applications and PDF programs are particularly important.

4. Make regular (offline) backups and set schedules for restoring data.

5. Monitor anomalies using automated and manual monitoring.

6. Separate your network according to application areas, so that clients and servers are detached from production.

A particularly comprehensive and effective solution for protection against malicious software is the separation of the operating system from the browser. The network is proactively protected against ransomware, zero-day exploits, APTs and Trojans, and dangerous links are no longer a threat.

Since browsers and operating systems no longer have direct hardware access, attackers of any kind cannot attack the computer and the local network.
