BSI Management Report on IT Security in Germany 2019: Danger especially for public authorities

According to the Federal Office for Information Security (BSI), the current threat situation in Germany is "highly strained". Particularly explosive for society as a whole: While corporations and institutes were once the target of attack, more and more public institutions are now among the victims of malicious software.

BSI President Arne Schoenbohm presented the report (in German) in Berlin and spoke of a "high-risk situation". The reporting period of the management report runs from June 2018 to the end of May 2019. During this time, BSI staff identified 114 million new variants of malicious programs. German network operators were informed of infections in 11.5 million reports. In the government networks of the Federal Republic, 770,000 malicious emails were intercepted during the period. 300,000 malicious programs are added each day, many of which are based on Emotet.

The BSI considers Emotet to be a particularly dangerous threat within IT security. Recent reports from one of the highest courts and a medical school show how devastating such an attack can be for the affected facilities. The damage often goes unnoticed for a long time: by the time the malicious program is detected on the infected system, contacts from the address books and content from emails could have been read out over many weeks and the malicious code could have been distributed further. Deceptively real-looking messages from well-known distribution lists then carry the malware, which downloads further malicious programs.

Emotet sends deceptively real-looking mails | Outlook Harvesting

What is termed "Outlook Harvesting" is nothing more than the broad, campaign-driven distribution of spam. In the worst case, it is planned and disguised so well that addressees receive messages that relate directly to previous, authentic communication with colleagues, business partners, family members or acquaintances. These authentic-looking messages, some with highly specialized content, are hard to recognize for recipients who have not been made aware of the subject. File names are deceptively real and malicious links are simply not recognized as such.
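A mail gateway or mailbox rule can test the two properties such messages usually cannot fake at once: the real address of the known contact and a reference to a message that actually exists in the thread. The following Python sketch is an added example, not code from the BSI or from this article; the address book, the Message-IDs, the sample mails and the function name `reply_chain_signals` are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> address seen in genuine mail.
KNOWN_CONTACTS = {"anna schmidt": "anna.schmidt@partner.example"}
# Constructed Message-IDs of mail this mailbox really sent or received.
KNOWN_MESSAGE_IDS = {"<1001@corp.example>"}

# Constructed samples: a genuine reply and a faked one reusing name and subject.
GENUINE = """\
From: Anna Schmidt <anna.schmidt@partner.example>
Subject: Re: Invoice October
In-Reply-To: <1001@corp.example>

Thanks, received.
"""
FAKED = """\
From: Anna Schmidt <billing@mailer.invalid>
Subject: Re: Invoice October

Please see the attached document.
"""

def reply_chain_signals(raw):
    """Return the reasons why a message looks like a faked reply."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    signals = []
    # Signal 1: a familiar display name paired with an address never seen before.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        signals.append("known display name, unknown address")
    # Signal 2: a reply subject ("Re:", German "AW:") with no link to a real thread.
    subject = msg.get("Subject", "").strip().lower()
    if subject.startswith(("re:", "aw:")):
        refs = (msg.get("In-Reply-To", "") + " " + msg.get("References", "")).split()
        if not any(ref in KNOWN_MESSAGE_IDS for ref in refs):
            signals.append("reply without a known thread reference")
    return signals

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("faked", FAKED)):
        print(label, reply_chain_signals(raw))
```

Neither signal is proof on its own, since contacts change addresses and some clients drop thread headers, so the result is best used to route a message to the reporting process rather than to delete it.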

The main danger posed by Emotet is that the malicious programs it downloads not only read out logins but, in the worst case, can establish remote access to the network. Common antivirus protection is usually ineffective against such attacks, as the malware is permanently modified and updated - but antivirus programs can only fend off known attackers. For example, the BSI recently reported that Emotet downloaded modules that made it possible to manipulate online banking. With these extortion Trojans (also: ransomware), sometimes large ransom sums are demanded - and until the system is cleaned up, at worst production or the entire operation is paralyzed.

BSI President Arne Schoenbohm already commented on Emotet about a year ago: "Appropriate prevention can significantly reduce the risk of infection with Emotet." This is reflected in the protection measures from the Alliance for Cyber Security (in German) that you can take.

Protection from Emotet | How to protect your organization and your business

1. Sensitize your employees to the dangers of malicious email attachments and malicious links. Ideally, conduct regular training sessions in which you circulate fake messages from known senders that look as authentic as possible. Establish a process in which every user knows to whom conspicuous messages have to be reported.

2. Employee accounts should only be equipped with minimum rights.

3. Make sure that applications, anti-virus programs, and operating systems are kept up to date, ideally automatically. Browsers, their plug-ins, mail clients, office applications and PDF programs are particularly important.

4. Make regular (offline) backups and set schedules for restoring data.

5. Monitor anomalies using automated and manual monitoring.

6. Segment your network according to application areas, so that client and server networks are separated from production.

A particularly comprehensive and effective solution for protection against malicious software is the separation of the operating system from the browser. The network is proactively protected against ransomware, zero-day exploits, APTs and Trojans, and dangerous links are no longer a threat.

Since browsers and operating systems no longer have direct hardware access, attackers of any kind cannot attack the computer and the local network.
