
BSI Management Report on IT Security in Germany 2019: Danger especially for public authorities

According to the Federal Office for Information Security (BSI), the current threat situation in Germany is "highly strained". This is particularly critical for society as a whole: while corporations and institutes were once the targets of attacks, more and more public institutions are now among the victims of malicious software.

BSI President Arne Schoenbohm presented the report (in German) in Berlin and spoke of a "high-risk situation". The reporting period of the management report runs from June 2018 until the end of May 2019. During this time, BSI staff identified 114 million new variants of malicious programs. German network operators were sent 11.5 million reports of infections. In the government networks of the Federal Republic, 770,000 malicious emails were intercepted during the period. 300,000 malicious programs are added each day, many of which are based on Emotet.

The BSI considers Emotet to be a particularly dangerous threat to IT security. Recent reports from a highest court and a medical school show how fatal such an attack can be for the affected facilities. The damage often goes undetected for a long time: by the time the malicious program is detected on the infected system, contacts from the address books and content from emails may have been read out over many weeks and the malicious code distributed further. Deceptively real-looking messages from familiar distribution lists then carry the malware, which in turn downloads further malicious programs.

Emotet sends deceptively real-looking mails | Outlook Harvesting

What is termed "Outlook Harvesting" is nothing more than the broad, campaign-driven distribution of spam. In the worst case, it is planned and disguised so well that addressees receive messages that relate directly to previous, authentic communication with colleagues, business partners, family members or acquaintances. These authentic-looking messages, some with highly specialized content, are hard to recognize for recipients who have not been made aware of the issue. File names look deceptively real, and malicious links are simply not recognized as such.

The main danger posed by Emotet is that the malicious programs it downloads not only read out logins but, in the worst case, can also establish remote access to the network. Common antivirus protection is usually ineffective against such attacks, because the malware is constantly modified and updated, while antivirus programs can only fend off known attackers. For example, the BSI recently reported that Emotet downloaded additional modules that allowed online banking to be manipulated. With blackmail Trojans (also known as ransomware), sometimes large ransom sums are demanded, and until the system is cleaned up, production or the entire operation is paralyzed in the worst case.

BSI President Arne Schoenbohm already commented on Emotet about a year ago: "Appropriate prevention can significantly reduce the risk of infection with Emotet." This is reflected in the protection measures from the Alliance for Cybersecurity (in German) that you can take.

Protection from Emotet | How to protect your organization and your business

1. Make your employees aware of the dangers of malicious email attachments and malicious links. Ideally, conduct regular training sessions in which you circulate fake messages from known senders that look as authentic as possible. Establish a process in which every user knows to whom suspicious messages have to be reported.

2. Employee accounts should only be equipped with minimum rights.

3. Make sure that applications, anti-virus programs and operating systems are kept up to date, ideally automatically. Browsers, their plug-ins, mail clients, office applications and PDF programs are especially important.

4. Make regular (offline) backups and set schedules for restoring data.

5. Monitor anomalies using automated and manual monitoring.

6. Segment your network according to application areas, so that clients and servers are separated from production.

A particularly comprehensive and effective solution for protection against malicious software is the separation of the operating system from the browser. The network is proactively protected against ransomware, zero-day exploits, APTs and Trojans, and dangerous links are no longer a threat.

Since browsers and operating systems no longer have direct hardware access, attackers of any kind cannot attack the computer and the local network.
