District of Munich – Cyber attack on schools with phishing mail ahead – District of Munich
die Cyber attack on the Munich-Land media center, with which unknown persons paralyzed the data processing of 75 schools in the district of Munich and in the district of Berchtesgadener Land, was apparently started by a phishing mail to a school. The Munich district office, where the media center is located, is currently assuming this. According to authority spokeswoman Franziska Herr, the perpetrator or perpetrators gained access to the system of the official school administration (AVS) by taking over an account. For this reason and because of the provisional procedure, the existing security systems could not have registered the attack as such. The attack was discovered in the district office after a loss of performance occurred after a server restarted on its own. The process was analyzed more closely and the attack was noticed. All network connections were immediately disconnected.
Until the hacker attack on the facility a few days ago, only a few probably heard of the Munich-Land media center, which is a municipal facility of the district. The ASV, a cross-school administration program, was previously operated on the server of the media center for 55 schools in the district of Munich and – via administrative assistance – for 20 schools in the Berchtesgadener Land. The attackers encrypt data such as names and addresses with malware so that the schools no longer have access to them. The central task of the media center is actually to finance schools, kindergartens and other facilities for youth and adult education with media from the educational sector. It also organizes teacher training courses in media technology and media education.
Were the systems adequately protected? Was the district office prepared for such a cyber attack? Herr does not want to go into specific measures so as not to disclose the system. However, SIE points out that there are separate systems in the district office, including the administrative IT, the IT of the media center or systems provided by external service providers. Depending on the sensitivity of the data, the protection concepts also differ from one another. In the case of administrative IT, for example, there is a multi-level security system within which various protective mechanisms take effect at the same time. These security systems were also able to successfully fend off the constant volume of attacks from all parts of the world “thanks to intensive and continuous work for a long time”, as Herr says. The aim of the protective measures is to slow down the attackers for as long as possible and by all means. Employees of the district office would be monitored with regard to the impending dangers.
A school principal feels left alone
The district office was initially unable to say whether the employees of the schools were being prepared for possible phishing attacks and other attacks by the media center or the school authority, for example, because the relevant colleagues were busy repairing the damage, according to Herr. At least two schools contacted by the SZ are not really prepared for an attack. A headmistress from the district of Munich, who does not want to be named, says the media center said: “We secure everything and you don’t have to worry about anything.” The community’s IT department takes care of the network for the school , and also raise awareness that you have to be careful with mail attachments. Another principal confirms that the media center has assured that the data is safe. For this service you have also done, says the headmaster, who also wants to remain anonymous. So far the media center has done a good job. But now he feels left alone by the district office when it is hot, the infrastructure would not be made available and the data would not be restored. The attackers had left a message on the server via a .txt file with a demand for money and a request to contact an address via the dark web. According to its own statement, the district office does not comply with this.
The media center is not alone in the attack. According to the current situation report by the Federal Office for Security and Information Technology, the threat in cyberspace is greater than ever. After that, ransomware attacks, as well as on the media center, are the biggest threat. This refers to cyber attacks in which data is encrypted with the aim of extorting a ransom.