Cyber Incident Victim: Stadtverwaltung Bad Kreuznach
Date:
Mar 2023
Location:
Germany
Summary
A cyberattack targeting the Bad Kreuznach municipal IT infrastructure disrupted online services, including the council information system, appointment scheduling, and vehicle registration, temporarily rendering the city website inaccessible. The hosting provider successfully repelled the attack after taking the homepage offline for mitigation. The incident prompted plans to bolster cybersecurity through increased investment in a managed detection and response system featuring round-the-clock monitoring, aiming to minimize future operational risks such as prolonged service outages affecting welfare payments, emergency services, utilities, and administrative functions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 2, 2023, around 9:30 a.m., a cyber attack targeted the IT infrastructure of Stadtverwaltung Bad Kreuznach, disrupting access to the city’s official domain, bad-kreuznach.de. The hosting provider confirmed the attack caused immediate service outages, rendering the city homepage inaccessible and disabling critical municipal functions. These disruptions affected the council information system, online appointment scheduling at the residents’ registration office, and digital vehicle registration services, which remained unavailable during the incident. Technical staff worked to isolate the threat, with intermittent service restorations occurring briefly before the attack forced another shutdown for containment. By approximately 9:00 a.m. on March 3, the provider successfully neutralized the attack and restored full functionality after a nearly 24-hour outage. The incident underscored vulnerabilities in the city’s digital infrastructure, particularly given its reliance on external hosting services for core operations.
In response to the attack, Stadtverwaltung Bad Kreuznach accelerated plans to enhance cybersecurity, proposing an emergency budget increase of €125,000 during a joint committee meeting on March 3. This funding reallocation—from outdoor facility maintenance—would raise the city’s annual IT security investment from €40,000 to €165,000, equating to €149 per endpoint device across its 1,110-device network, up from €36. The measure aimed to implement a Managed Detection and Response (MDR) system, including a 24/7 Security Operations Center for continuous threat monitoring, attack detection, and incident response coordination. Municipal authorities emphasized the urgency, citing consensus among German cybersecurity experts that municipal cyber attacks are inevitable, with ransomware posing severe risks to welfare payments, fire services, wastewater management, and general administration. The city had previously initiated an IT review in late 2022, which informed this strategic shift toward proactive threat mitigation and resilience against prolonged operational disruptions.