For some time now, we have been observing a new wave of cyberattacks, which are particularly strong and primarily target critical infrastructures – especially the energy and healthcare sectors. In this context, a major cyberattack on the Romanian healthcare system came to light in February, in which 21 hospitals had to be taken offline following a ransomware attack.

However, a hacker attack on the software service provider PSI Software SE on 15 February 2024 reveals a new approach by cyber criminals: it is no longer just the operators of critical infrastructures themselves that are the focus of attackers, but also their service providers. As reported by Handelsblatt (see https://www.handelsblatt.com/unternehmen/energie/psi-software-hacker-legen-wichtigen-dienstleister-fuer-energieunternehmen-lahm/100015519.html), the impact of the attack on PSI Software is still unknown, but the company will take great care to ensure data integrity following this incident.

The Berlin-based company’s customers include numerous critical infrastructures such as well-known transport and energy companies. Instead of attacking these directly, cyber criminals now often target their service providers in order to gain access to the infrastructure of the critical infrastructure operators via interfaces to the customer. Compared to a single attack on the CRITIS operators themselves, the extent of the damage can be significantly increased if an attack on a service provider is successful. With this in mind, securing entire supply and value chains is once again of particular importance. This is explicitly required in the NIS2 Directive, among others.