Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Germany. Show all posts
Spain
Black Axe Gang Cyber Crime Europe Europol Germany Spain

Europol Cracks Down Gang Responsible for Cyber Crime Worth Billions


Europol’s joint operation to crackdown international gang

Europol recently arrested 34 people in Spain who are alleged to have a role in a global criminal gang called Black Axe. The operation was conducted by Spanish National Police and Bavarian State Criminal Police Office and Europol. 

Twenty eight individuals were arrested in Seville, three in Madrid and two in Malaga, and the last one in Barcelona. Among the 34 suspects, 10 individuals are from Nigeria. 

“The action resulted in 34 arrests and significant disruptions to the group's activities. Black Axe is a highly structured, hierarchical group with its origins in Nigeria and a global presence in dozens of countries,” Europol said in a press release on its website. 

About Black Axe 

Black Axe is infamous for its role in various cyber crimes like frauds, human trafficking, prostitution, drug trafficking, armed robbery, kidnapping, and malicious spiritual activities. The gang annually earns roughly billions of euros via these operations that have a massive impact. 

Officials suspect that Black Axe is responsible for fraud worth over 5.94 million euros. During the operation, the investigating agencies froze 119352 euros in bank accounts and seized 66403 euros in cash during home searches. 

The crackdown 

Germany and Spain's cross-border cooperation includes the deployment of two German officers on the scene on the day of action, the exchange of intelligence, and the provision of analytical support to Spanish investigators. 

The core group of the organized crime network, which recruits money mules in underprivileged communities with high unemployment rates, was the objective of the operation. The majority of these susceptible people are of Spanish nationality and are used to support the illegal activities of the network.

Europol's key role

Europol provided a variety of services to help this operation, such as intelligence analysis, a data sprint in Madrid, and on-the-spot assistance. Mapping the organization's structure across nations, centralizing data, exchanging important intelligence packages, and assisting with coordinated national investigations have all been made possible by Europol. 

In order to solve the problems caused by the group's scattered little cases, cross-border activities, and the blurring of crimes into "ordinary" local offenses, this strategy seeks to disrupt the group's operations and recover assets.



Read more »
threats
Automation Cyber Security Cybersecurity Germany Recruitment Shortage threats

Germany’s Cyber Skills Shortage Leaves Companies Exposed to Record Cyberattacks

 

Germany faces a critical shortage of cybersecurity specialists amid a surge in cyberattacks that caused record damages of €202.4 billion in 2024, according to a study by Strategy&, a unit of PwC. The study found that nine out of 10 organizations surveyed reported a shortage of cybersecurity experts, a sharp increase from two-thirds in 2023. 

Key institutions such as German air traffic control, the Federal Statistical Office, and the Society for Eastern European Studies were targeted by foreign cyberattacks, highlighting the nation’s digital vulnerability. Russia and China were specifically identified as significant cyber threats.

The overall damage to German organizations from cyber-related incidents in 2024 reached €267 billion, with cyberattacks themselves accounting for about €179 billion. Other forms of damage included theft of data, IT equipment, and various acts of espionage and sabotage. Despite the growing threat, the recruitment landscape for cybersecurity roles is bleak.

Only half of the public sector's job ads for cybersecurity specialists attracted more than 10 applicants, and a decline in applications has been noted. Over two-thirds of organizations reported that applicants either partially met or failed to meet the qualifications, with notable gaps in knowledge about cybersecurity standards and data protection.

The most acute shortage exists in critical roles such as risk management, where 57% of respondents identified major gaps in positions responsible for recognizing and responding to cyber threats. Financial constraints pose another barrier to hiring, especially in the public sector, where 78% cited budget issues as a reason for not filling positions, compared to 48% in the private sector. 

Low pay contributes significantly to high staff turnover. Many experts in urgent demand in the public sector are moving to tech companies offering better salaries, exacerbating the problem. The study also revealed that only about 20% of organizations have strategically employed AI to alleviate staff shortages. Experts recommend using bonuses, allowances, outsourcing, and automation to retain talent and improve efficiency. 

Without these interventions, the study warns that bottlenecks in security-critical roles will persist, potentially crippling the ability of institutions to operate and jeopardizing Germany’s overall digital resilience. Strengthening cyber expertise through targeted incentives and international recruitment is urgent to counter these growing challenges. This situation poses a serious risk to the country's cybersecurity defenses and operational readiness .
Read more »
insurance
Akira Bitcoin Customer Data Cyber Attacks Germany insurance

German Mobile Insurance Giant Falls After Devastating Ransomware Attack

 



A cyberattack has brought down one of Germany’s largest phone insurance and repair networks, forcing the once-thriving Einhaus Group into insolvency. The company, which at its peak generated around €70 million in annual revenue and partnered with big names such as Deutsche Telekom, Cyberport, and 1&1, has been unable to recover from the financial and operational chaos that followed the attack.


The Day Everything Stopped

In March 2023, founder Wilhelm Einhaus arrived at the company’s offices to an unsettling sight. Every printer had churned out the same note: “We’ve hacked you. All further information can be found on the dark web.” Investigations revealed the work of the hacking group known as “Royal.” They had infiltrated the company’s network, encrypting all of its core systems, the very tools needed to process claims, manage customer data, and run daily operations.

Without these systems, business ground to a halt. The hackers demanded around $230,000 in Bitcoin to unlock the computers. Facing immediate and heavy losses, and with no way to operate manually at the same scale, Einhaus Group reportedly agreed to pay. The financial damage, however, was already severe, estimated in the multi-million-euro range. Police were brought in early, but the payment decision was made to avoid even greater harm.


Desperate Measures to Stay Afloat

Before the attack, the company employed roughly 170 people. Within months, more than 100 positions were cut, leaving only eight employees to handle all ongoing work. With so few staff, much of the processing had to be done by hand, slowing operations dramatically.

To raise funds, the company sold its headquarters and liquidated various investments. These moves bought time but did not restore the business to its former state.


Seized Ransom, But No Relief

In a twist, German authorities later apprehended three suspects believed to be linked to the “Royal” group. They also seized cryptocurrency valued in the high six-figure euro range, suspected to be connected to the ransom payments.

However, Einhaus Group has not received its money back. Prosecutors have refused to release the seized funds until investigations are complete — a process that could take years. Other ransomware victims in Germany are in the same position, with no guarantee they will ever recover the full amount.


Final Stages of the Collapse

Three separate companies tied to the Einhaus Group have now formally entered insolvency proceedings. While liquidation is a strong possibility, founder Wilhelm Einhaus, now 72, insists he has no plans to retire. If the business is dissolved, he says he will start again from scratch.

The Einhaus case is not unique. Just recently, the UK’s 158-year-old transport company Knights of Old collapsed after a ransomware attack by a group known as “Akira,” leaving 700 people jobless. Cyberattacks are increasingly proving fatal to established businesses not just through stolen data, but by dismantling the very infrastructure needed to survive.


Read more »
malware
Backdoor Badbox BSI Germany malware

Germany Warns of Pre-Installed Malware on 30,000 Devices

 

Earlier this week, Germany's cybersecurity office issued a warning about at least 30,000 internet-connected devices across the nation being compromised by pre-installed malware known as BadBox.

The Federal Office for Information Security (BSI) announced that it had successfully halted communication between the infected devices and the hackers' control servers, preventing further damage. However, devices with outdated software remain at significant risk.

BadBox: A Threat to Low-Cost Devices

The hacker group behind BadBox primarily targets Android devices by embedding malicious code into their firmware. Affected devices include:

  • Smartphones
  • Tablets
  • Connected TV streaming boxes

BadBox’s operators focus on low-cost devices distributed through online merchants or resale platforms. These devices come pre-installed with Triada malware, which opens a backdoor, enabling attackers to:

  • Remotely control the device
  • Inject new software
  • Perform illegal actions

Capabilities of the BadBox Malware

BSI discovered that the malware on compromised devices, such as digital photo frames and streaming gadgets, can discreetly:

  • Generate email and messenger accounts
  • Propagate fake news
  • Commit advertising fraud
  • Act as a proxy for cyberattacks or illegal content distribution

BSI’s Countermeasures

German cyber officials employed a technique known as sinkholing to redirect traffic from infected devices to secure servers, effectively limiting hackers' access. Additionally, the BSI mandated that all German internet service providers (ISPs) with over 100,000 subscribers reroute BadBox traffic to its sinkhole.

The BSI refrained from naming the manufacturers of the compromised devices but advised consumers who received warnings from authorities to disconnect or cease usage of the affected products immediately.

BSI President Claudia Plattner reassured consumers, stating: "There is no immediate danger for these devices as long as the BSI maintains the sinkholing measure. Malware on internet-enabled products is unfortunately not a rare phenomenon. Outdated firmware versions, in particular, pose a huge risk."

Plattner also stressed the need for collective action: "We all have a duty here: manufacturers and retailers have a responsibility to ensure that such devices do not come onto the market."

Takeaways for Consumers

To protect against threats like BadBox, consumers should:

  • Ensure devices are updated with the latest firmware
  • Purchase devices only from reputable manufacturers
  • Stay vigilant about warnings from cybersecurity authorities

As malware threats continue to evolve, proactive measures and industry accountability remain essential in safeguarding digital ecosystems.

Read more »
Germany
botnet Golang C2 Server Cyber Security Cyber Threats DDOS Attack DNS Germany

New Golang-Based Botnet 'Zergeca' Discovered


 

Researchers at QiAnXin XLab have found a new and dangerous botnet called Zergeca. This botnet, written in the Go programming language (Golang), can launch powerful distributed denial-of-service (DDoS) attacks, which can overwhelm and shut down targeted websites or services.

How Zergeca Was Discovered

In May 2024, researchers came across a suspicious file uploaded from Russia to a security website called VirusTotal. This file, located at /usr/bin/geomi, had a unique identifier but wasn't marked as harmful. Another similar file was uploaded from Germany on the same day. This led experts to discover that these files were part of a new botnet, which they named Zergeca, inspired by a string in its code that reminded them of the Zerg creatures from the video game StarCraft.

Zergeca is capable of six different types of DDoS attacks. It also has additional features, such as acting as a proxy, scanning networks, upgrading itself, staying persistent on infected devices, transferring files, providing remote access, and collecting sensitive information from compromised devices. One unique aspect of Zergeca is its use of multiple DNS resolution methods, preferring DNS over HTTPS (DoH) for communicating with its command and control (C2) server. It also uses an uncommon library called Smux for encrypted communication.

The C2 server used by Zergeca has been linked to at least two other botnets named Mirai since September 2023. This suggests that the creator of Zergeca has prior experience with running botnets.

Between early and mid-June 2024, Zergeca was used to carry out DDoS attacks on organisations in Canada, the United States, and Germany. The primary attack method used was known as ackFlood. Victims of these attacks were spread across multiple countries and different internet networks.

Zergeca operates through four main modules: persistence, proxy, silivaccine, and zombie. The persistence module ensures the botnet stays active on infected devices, while the proxy module manages proxying tasks. The silivaccine module removes any competing malware, ensuring that Zergeca has full control of the device. The zombie module is the most critical, as it carries out the botnet's main functions, including DDoS attacks, scanning, and reporting information back to the C2 server.

To stay active, Zergeca adds a system service called geomi.service on infected devices. This service ensures that the botnet process restarts automatically if the device reboots or the process is stopped.

Researchers have gained insights into the skills of Zergeca’s creator. The use of techniques like modified file packing, XOR encryption, and DoH for C2 communication shows a deep understanding of how to evade detection. The implementation of the Smux protocol demonstrates advanced development skills. Given these abilities, researchers expect to see more sophisticated threats from this author in the future.

The discovery of Zergeca highlights the increasing intricacy of cyber threats. Organisations must remain vigilant and adopt strong security measures to protect against such advanced attacks. The detailed analysis of Zergeca provides valuable information on the capabilities and tactics of modern botnets, emphasising the need for continuous monitoring and proactive defence strategies in cybersecurity.


Read more »
Worldcoin project
Biometric data Data Protection Supervision Germany Iris scan OpenAI Privacy Worldcoin Worldcoin project

Germany Admits Investigating Worldcoin’s Eye-Scanning Orb

Privacy issues with the Worldcoin cryptocurrency project, a venture by OpenAI CEO Sam Altman has been in talks since the announcement of its official launch. Several countries have now started considering its potential threats and are looking into the issue with much significance. 

Adding to this, Germany became the third European country ato admit investigating Worldcoin, after France and the US. Thereby, it seems like it would be tough regulatory road ahead for the venture.

The head of Bavarian State Office for Data Protection Supervision, Germany's data watchdog, recently noted that that they have been investigating Worldcoin since November 2022 over suspicion of the venture’s potential of accessing "sensitive data at a very large scale."

Despite being officially launched just last week, Worldcoin continues collecting iris scans from individuals all over the world for the past two years to add to its database. The company claims that this will enable users to verify their identity as humans in the developing age of artificial intelligence by connecting human identity to specific biometric data. While there is hint of intrigue in the project’s idea, it has raised concerns of the critiques. 

For instance, when reporters were dispatched to the project to have their irises scanned, Gizmodo and Futurism both reported that Orb operators did not ask for any prior identification or confirmation that participants are who they claim to be. In the underdeveloped world, participants in the project's pilot program have expressed feeling duped by the trade. Furthermore, since a blockchain is involved, it is unclear whether an individual can ask to have their data removed from the company's database.

However, neither these European data watchdogs nor Ethereum co-founder Vitalik Buterin, whose blockchain Worldcoin relies on, are persuaded that this type of "proof-of-personhood" venture is ready for a widespread adoption.

In a blog post regarding Worldcoin, Buterin claimed that "if even one Orb manufacturer is malicious or hacked, it can generate an unlimited number of fake iris scan hashes, and give them World IDs."

This only leads us to one conclusion, we will not be convinced until Worldcoin reveals what exactly they do with the collected data.

Read more »
Illegal spying
COP27 Cyber Security Egypt Germany Human rights Illegal spying

Germany Accuses Egypt of Spying at COP27

 

German officials have lodged a complaint with the Egyptian government over covert surveillance by the country’s security agents at the COP27 World Climate Conference. 

According to the German Press Agency (DPA), the host country’s security agents have secretly monitored, photographed, and filmed events held at the German pavilion inside the summit venue in the Red Sea resort of Sharm el Sheikh. 

Prior to the incident on November 12, German police warned its speakers of potential security threats that could arise from their participation at the conference. 

"We expect all participants in the U.N. climate conference to be able to work and negotiate under safe conditions. This is not just true for the German but for all delegations, as well as representatives of civil society and the media," Germany's Foreign Ministry issued a statement following the security breach incident. 

Egypt Thwarts Spying Accusations 

Egyptian security sources thwarted the claims, telling DPA that personnel was only present for the safeguarding of foreign seminars and activities for the UN team, and their role as Egyptians was limited to security outside the halls and in the city. 

However, delegations from multiple nations told DPA that Egyptian security personnel had been forced on being a part of closed sessions as well. 

"It is very obvious that the Egyptian authorities are monitoring human rights activities. The only reason they haven't used physical violence yet is that we're in an UN-controlled area," Hossam Bahgat, founder of the Egyptian human rights organization EIPR, stated. 

The UN also acknowledged that some security agents were from the national police and said it was investigating the complaints.

Egypt's shady history 

The issue of Human rights has always been a matter of discussion in Egypt, with President Abdel Fattah al-Sisi's government accused of holding a tight grip on the Middle East nation. 

According to multiple media reports, thousands of individuals, including human rights activists, journalists, students, opposition politicians, businesspeople, and peaceful protesters have been arbitrarily detained. 

Many dissenters are subjected to unfair trials and mistreatment or torture by the Egyptian government. Due to deplorable prison conditions, many have fallen sick and even died. To safeguard the rights of these individuals, neither Human Rights Watch (HRW) nor Amnesty has offices in Egypt. However, a ban on the HRW website, in place for years, was only lifted a few days ago.
Read more »
Phishing and Spam
Arrests Cyber Fraud Cyber Phishing Germany hacker arrested Mobile Phishing phishing Phishing and Spam

Germany: Individual Hacker Arrested for Stealing € 4 Million via Phishing Attacks

 

Germany’s federal criminal police, Bundeskriminalamt (BKA) carried out home raids on three suspects for executing a large-scale phishing campaign, defrauding internet users of €4 million. The phishing campaign was carried out by the charged suspects between October 3, 2020, and May 29, 2021, as per the evidence gathered by the German Computer Crime Office. 

One of the three suspects, a 24-year-old, has been arrested and charged by the BKA, the second, a 40-year-old, has also been charged with 124 acts of computer fraud, while the investigation for the third suspect is still ongoing.  

The hackers allegedly defrauded their victims by imitating as legitimate German banks and sending them phishing e-mails that were clones of messages from some real banks.  

“These e-mails were visually and linguistically believable based on real bank e-mails. The victims were informed in these letters that their house bank would change their security system – and their own account would be affected [...] The e-mail recipients were thus tricked into clicking on a link, which in turn led to a deceptively real-looking bank page. There, the phishing victims were asked to enter their login data and a current TAN, which in turn enabled the fraudsters to see all the data in the account of the respective victim – including the amount of credit and availability. The perpetrators then contacted the victims and tricked them into revealing further TAN numbers as alleged bank employees. With the TAN, they were then able to withdraw funds from the accounts of the victims.” reads the statement issued by BKA. 

The phishing emails reportedly informed the internet users of the changes in their respective bank’s security systems, beseeching the victims to click on an embedded link to continue using the bank’s services. The links redirected victims to a landing page, asking them to enter their credentials and Transaction Authentication Number (TAN), allowing the hackers access to their online banking accounts and withdrawal funds.  

According to the BKA, the hackers even used DDoS against the banks to conceal their fraudulent transactions. "In order to carry out their crimes, the accused are said to have resorted to offers from other cybercriminals who worked on the dark net, selling various forms of cyber-attacks as crime-as-a-service." BKA stated in an announcement. 

In regard to the active cases of phishing attacks and online fraud, the police urged internet users to take certain cautionary measures, such as never clicking a link or opening file attachments in emails that appear to be from a legitimate bank. If in doubt, the users are recommended to contact their banks personally or obtain information from the bank’s respective websites.
Read more »
Subscribe to: Comments (Atom)