The cyber attack on the Munich-Land media center, with which unknown persons paralyzed the data processing of 75 schools in the Munich and Berchtesgadener Land districts, was apparently started by a phishing mail to a school. The Munich district office, where the media center is located, is currently assuming this. According to authority spokeswoman Franziska Herr, the perpetrator or perpetrators gained access to the system of the official school administration (AVS) by taking over an account. For this reason and due to the professional approach, the existing security systems could not have registered the attack as such. The attack was discovered in the district office after a loss of performance occurred after a server restarted on its own. The process was analyzed more closely and the attack was noticed. All network connections were immediately disconnected.
Until the hacker attack on the facility a few days ago, only a few probably heard of the Munich-Land media center, which is a municipal facility of the district. The ASV, an administration program covering all types of schools, has been operated on the server of the media center for 55 schools in the district of Munich and – via administrative assistance – for 20 schools in the Berchtesgadener Land. The attackers encrypt data such as names and addresses with malware, making them inaccessible to the schools. The central task of the media center is actually to supply schools, kindergartens and other facilities for youth and adult education with educational media. It also organizes teacher training courses in media technology and media education.
Were the systems adequately protected? Was the district office prepared for such a cyber attack? Herr does not want to go into specific measures so as not to disclose the system. However, she points out that there are separate systems in the district office, including the administrative IT, the IT of the media center or systems provided by external service providers. Depending on the sensitivity of the data, the protection concepts also differ from one another. In the case of administrative IT, for example, there is a multi-level security system within which various protective mechanisms are active at the same time. These security systems were also able to successfully fend off the constantly increasing number of attacks from all parts of the world “thanks to intensive and continuous work for a long time”, as Herr says. The aim of the protective measures is to slow down the attackers for as long as possible and with a wide variety of means. Employees of the district office would be trained regarding the impending dangers.
A school principal feels left alone
The district office was initially unable to say whether the employees of the schools were being prepared for possible phishing attacks and other attacks by the media center or the school authority, for example, because the relevant colleagues were busy repairing the damage, according to Herr. In at least two schools contacted by the SZ, they did not feel really prepared for an attack. A school principal from the district of Munich, who does not want to be named, says the media center said: “We secure everything and you don’t have to worry about anything.” The municipality’s IT department takes care of the school’s network and also raises awareness of the need to be careful with e-mail attachments. Another principal confirms that the media center has assured that the data is safe. You also paid for this service, says the headmaster, who also wants to remain anonymous. So far the media center has done a good job. But now he feels left alone by the district office when it says that the infrastructure will not be made available and the data will not be restored. The attackers had left a message on the server via a .txt file with a demand for money and a request to contact an address via the dark web. According to its own statement, the district office does not comply with this.
The media center is not alone in the attack. According to the current situation report by the Federal Office for Security and Information Technology, the threat in cyberspace is greater than ever. After that, ransomware attacks, as well as on the media center, are the biggest threat. This refers to cyber attacks in which data is encrypted with the aim of extorting a ransom.