BSI: IT Security in Germany 2022 - Management Report

30 October 2022
| No comments
B2B Cyber ​​Security ShortNews

Share post

With its report on the situation of IT security in Germany, the Federal Office for Information Security (BSI) presents its comprehensive overview of the threats in cyberspace. This year's report is also in the context of the Russian war of aggression in Ukraine.

Overall, the already tense situation worsened in the reporting period. The threat in cyberspace is higher than ever. As in the previous year, a high threat of cybercrime was observed in the reporting period. There were also various threats related to the Russian war of aggression against Ukraine.

Russian war of aggression against Ukraine

So far, there has been an accumulation of minor incidents and hacktivism campaigns in Germany in connection with Russia's war of aggression against Ukraine. Examples of this were the failure of remote maintenance in German wind turbines after the attack on a satellite communications company and a hacktivism attack on German mineral oil dealers with a Russian parent company. A comprehensive attack campaign against German targets was not evident. In contrast, the situation in the cyberspace of NATO partners was sometimes tense and sometimes life-threatening in Ukraine.

Cyber ​​extortion remains one of the biggest threats

Ransomware remained the main threat, especially for businesses. The expansion of extortion methods in cyberspace observed in the past reporting period has continued in the current reporting period. In particular, the so-called big game hunting, i.e. the blackmailing of high-revenue companies with encrypted and exfiltrated data, has continued to increase. Both the ransom and hush money payments reported by IT security service providers and the number of victims whose data was published on leak sites due to non-payment, for example, have continued to rise. The momentous attack on a district administration in Saxony-Anhalt clearly shows that not only companies are the target of ransomware attacks: For the first time, a cyber attack caused a disaster. Citizen-related services were unavailable or only partially available for more than 207 days.

Number of vulnerabilities continues to grow

🔎 BSI report on the situation of IT security in Germany 2022. The most important key figures (Image: BSI).

In 2021, ten percent more vulnerabilities in software products became known than in the previous year. More than half of them had high or critical Common Vulnerability Scoring System (CVSS) scores. 13 percent of the vulnerabilities were rated as critical. One of them is the vulnerability in Log4j, as it was in many freely available software modules. It was therefore generally difficult for IT security officers to assess whether the software they were using had the vulnerability. Due to the widespread use of Log4j, a large target for cyber attacks was to be assumed.

DDoS attacks and Advanced Persistent Threats (APT) are on the rise

In the current reporting period, attacks on perimeter systems such as firewalls or routers increased. While targeted APT attacks using malware in e-mails usually require a great deal of effort, perimeter systems can be reached directly from the Internet, are comparatively poorly protected and are therefore more easily attacked. More and more APT groups are scanning the Internet for known vulnerabilities in perimeter systems that have not yet been patched in order to be able to target them.

According to reports from various mitigation service providers, the number of distributed denial of service attacks (DDoS attacks) has also continued to increase. For example, the German service provider Link11 recorded an increase in DDoS attacks of around 2021 percent in 41 compared to the previous year. In particular, around the annual online shopping event Cyber ​​Week and in the run-up to Christmas, noticeably more attacks were observed. Around Cyber ​​Week 2021, the number of DDoS attacks doubled compared to Cyber ​​Week 2020.

Complete report at BSI.bund.de

 

About the Federal Office for Information Security (BSI)

The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.

 

Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

Short news
, , , , , ,