18.01.2022 - With 881 reports, the NCSC recorded the highest number of reports in its history in the second week of 2022. The main reason was fake extortion emails in the name of prosecution authorities, which accounted for almost 40% of the reports. In addition, ransomware attacks continue to be a hot topic and an interesting case led the NCSC to the online gaming scene, where account data is being stolen via a phishing website.
Encryption attacks still topical in the new year
Reports of attacks with ransomware continue in the new year. Last week, several cases were reported to the NCSC. The paper manufacturer CPH and the car dealer Emil Frey AG were the most prominent victims, and an increasing number of encryptions using Qlocker were also reported. This shows once again how important it is for every company to implement basic protection measures against cyberattacks. This includes setting up a firewall, regularly installing updates and creating backups.
But even if a company is prepared for such cases, the recovery of its systems and data can take some time, especially identifying the vulnerability exploited by the attackers, and this can have a negative impact on its current day-to-day business. Therefore, in addition to implementing basic protection measures and raising employee awareness, companies should also develop an emergency plan. An emergency plan has the advantage that it also covers non-cyberincidents, such as fires and natural disasters.
- Review your backup concept and ensure that you always have offline copies
- Check your backups are correct by restoring them on a regular basis
- Create a contingency plan for IT system failures
- If you are affected by a ransomware attack: always report it to the police and use a specialised company to clean up the system
Further information:
Encryption malware – What next?
E-sport fans targeted
Today, playing computer games is primarily a team sport in which individual players from all over the world interact and compete with each other. Platforms such as Steam are used for this purpose. They allow games to be bought, players to chat with each other and scores to be uploaded. E-sports have long since freed themselves from their niche position and have developed into a serious branch of sport. Various tournaments entice players with high prize money. The Steam platform offers users the opportunity to register centrally, which is why most players join via this website.
Based on a report received, the NCSC was able to investigate a bogus gaming website. The perfidious feature of this website is that it ranks high in the search results on the Steam platform, making it very likely that people will fall for it.
The website gives the impression that a Steam account can be used to log in. The pop-up login page that appears looks like the Steam login page. So at first glance, everything looks correct and genuine. Only a closer look reveals that the platform is being used to intercept Steam users' account credentials.
A closer look shows that the URL in the window cannot be modified and has been fixed as an image so that it always displays a correct and valid encryption certificate.
The test with developer tools also shows the login credentials entered, although these should actually be transmitted in encrypted form and should therefore not be visible to external parties. The website itself was launched only a few days ago, but is already rated very low on various sites that assess trustworthiness.
- Be very careful where you enter your credentials
- You should be cautious if a new or previously unfamiliar website appears
- If you are not sure or there are signs of fraud, stop what you are doing
- Use search engines to find out what other users are saying about the website
Current statistics
Last week's reports by category:
Last modification 18.01.2022