More than two years after a serious hacker attack on the IT system of the state of Carinthia, the Austrian Court of Audit (RH) has determined that further improvements are needed. At the end of 2023, “two-factor authentication for all IT workstations, full documentation of IT security measures implemented or a comprehensive IT emergency manual and increased IT security controls” were still lacking, according to a current RH report.
At the end of May 2022, the Carinthian state administration was completely paralyzed for days by the hacker attack, resulting in restrictions for months. The hackers entered the system via a phishing email and gained access to a file server. The group ‘Black Cat’ claimed responsibility for the attack, in which at least 250 gigabytes of data were accessed. The data came mainly from the offices of members of the Carinthian state government. About 80,000 master data sheets for settlement and residence permits, 4,000 contact details for event management and internal correspondence from members of government and employees were affected.
Data sold on the dark web
It was not possible to say exactly how much of the data was copied. However, part of the 5.6 gigabytes of data was published on the darknet. The hackers announced that they had resold the data because the country did not want to pay the demanded $5 million ransom. It is still unclear whether the data has actually been sold. A year ago, the Klagenfurt Public Prosecutor’s Office announced that the investigation had been stopped because there were no more clues to actively track down – everything they had done had come to nothing. Successful investigations into hacker attacks or online fraud are extremely rare, it was emphasized.
Since then, the investigation into the attack has been in full swing – the Court of Auditors has also been devoted to the matter. A report published on Friday stated that the state of Carinthia had already implemented IT security measures before the cyber attack, but this meant that the attack “could neither be detected nor prevented”: “The overall IT security management was incomplete.”
Following the cyber attack, the State of Carinthia took further steps to increase security, for example by making 5.75 million euros available for immediate and recovery measures. Furthermore, a “Rapid Response Team” was set up, a new firewall and DDoS protection were set up. “At the time of the Court’s investigation, other technical measures had also been completed, such as securing the network or securing the necessary IT services,” the RH said – but some measures were still missing.
As the state of Carinthia announced on Friday, comprehensive two-factor authentication has now been rolled out and is available on all devices. In addition, “the state IT is certified according to ISO 9001 and 27001 (information security)” and a valid certificate was issued in February for 2024: “This of course also includes the up-to-dateness of all security-related documentation such as a restart or an IT emergency manual.”
In the report, the RH also linked the DDoS attacks on the websites of Austrian parties and public institutions in the context of the 2024 National Council elections: “In addition to increasing IT security, cooperation with federal authorities and cyber committees are also important. essential for the effects of “Preventing cyber attacks or keeping them as low as possible.”
Source: Krone
I am Wallace Jones, an experienced journalist. I specialize in writing for the world section of Today Times Live. With over a decade of experience, I have developed an eye for detail when it comes to reporting on local and global stories. My passion lies in uncovering the truth through my investigative skills and creating thought-provoking content that resonates with readers worldwide.
