With its report on the situation of IT security in Germany, the Federal Office for Information Security (BSI) presents its comprehensive overview of the threats in cyberspace. This year's report is also in the context of the Russian war of aggression in Ukraine.
Overall, the already tense situation worsened in the reporting period. The threat in cyberspace is higher than ever. As in the previous year, a high threat of cybercrime was observed in the reporting period. There were also various threats related to the Russian war of aggression against Ukraine.
Russian war of aggression against Ukraine
So far, there has been an accumulation of minor incidents and hacktivism campaigns in Germany in connection with Russia's war of aggression against Ukraine. Examples of this were the failure of remote maintenance in German wind turbines after the attack on a satellite communications company and a hacktivism attack on German mineral oil dealers with a Russian parent company. A comprehensive attack campaign against German targets was not evident. In contrast, the situation in the cyberspace of NATO partners was sometimes tense and sometimes life-threatening in Ukraine.
Cyber extortion remains one of the biggest threats
Ransomware remained the main threat, especially for businesses. The expansion of extortion methods in cyberspace observed in the past reporting period has continued in the current reporting period. In particular, the so-called big game hunting, i.e. the blackmailing of high-revenue companies with encrypted and exfiltrated data, has continued to increase. Both the ransom and hush money payments reported by IT security service providers and the number of victims whose data was published on leak sites due to non-payment, for example, have continued to rise. The momentous attack on a district administration in Saxony-Anhalt clearly shows that not only companies are the target of ransomware attacks: For the first time, a cyber attack caused a disaster. Citizen-related services were unavailable or only partially available for more than 207 days.
Number of vulnerabilities continues to grow
In 2021, ten percent more vulnerabilities in software products became known than in the previous year. More than half of them had high or critical Common Vulnerability Scoring System (CVSS) scores. 13 percent of the vulnerabilities were rated as critical. One of them is the vulnerability in Log4j, as it was in many freely available software modules. It was therefore generally difficult for IT security officers to assess whether the software they were using had the vulnerability. Due to the widespread use of Log4j, a large target for cyber attacks was to be assumed.
DDoS attacks and Advanced Persistent Threats (APT) are on the rise
In the current reporting period, attacks on perimeter systems such as firewalls or routers increased. While targeted APT attacks using malware in e-mails usually require a great deal of effort, perimeter systems can be reached directly from the Internet, are comparatively poorly protected and are therefore more easily attacked. More and more APT groups are scanning the Internet for known vulnerabilities in perimeter systems that have not yet been patched in order to be able to target them.
According to reports from various mitigation service providers, the number of distributed denial of service attacks (DDoS attacks) has also continued to increase. For example, the German service provider Link11 recorded an increase in DDoS attacks of around 2021 percent in 41 compared to the previous year. In particular, around the annual online shopping event Cyber Week and in the run-up to Christmas, noticeably more attacks were observed. Around Cyber Week 2021, the number of DDoS attacks doubled compared to Cyber Week 2020.
Complete report at BSI.bund.de
About the Federal Office for Information Security (BSI) The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.