BSI Situation Report
31.03.2026

BSI Report: Growing Resilience Against Sophisticated Attacks

While cyberattacks are becoming more professional and aggressive, states, economies, and societies are also becoming more resilient. This sums up the new BSI IT Security Report for Germany, presented in November 2024.

 

BSI President Claudia Plattner and Federal Minister of the Interior Nancy Faeser presented the new BSI IT Security Report at a joint federal press conference on November 12, 2024. They described the cybersecurity situation as still tense but also expressed hope that states, economies, and societies are doing more to increase their resilience against cyberattacks.

“In particular, ransomware, espionage, and disinformation threaten our prosperity and endanger our democracy,” warns Plattner, adding in a press release from her office: “But: We are not defenceless against these threats! We clearly see that the protective measures are working and we are able to effectively counter the attacks. Therefore, we must not ease up now but must further increase our resilience in a nationwide effort. In this context, it is crucial to implement the NIS-2 Directive as national law as soon as possible.”

 

Attackers are becoming more professional

As the BSI report highlights, cybercriminals have professionalized their methods, are technologically up to date, and are acting increasingly aggressively. The BSI has observed this trend towards the increasing professionalization of attackers for years.

The threat situation from botnets remains high, according to the report. The Federal Office is concerned about the increasing number of internet-connected IoT and other devices, which often have short support cycles and thus leave vulnerabilities open. This lets cybercriminals with relatively few technical resources infect systems and build their own botnets.

Sharp Increase in Malware and Ransomware According to BSI Report

The BSI reports a sharp rise in malware variants, with a total of 309,000 new variants identified between July 1, 2023, and June 30, 2024. This represents a 26% increase compared to the previous year. For comparison, in the early 1990s, the lists of viruses and trojans detected by pioneers like McAfee and Trend Micro were still manageable, with fewer than 1,000 entries.

 

Attack surfaces are primarily vulnerabilities in Microsoft Windows, according to the BSI. However, there has also been a surge in Android malware. As the federal agency warns, hackers have long established structures for criminal services, which pose an additional threat. Ransomware attacks continue to present significant challenges to businesses and institutions, with the number of data leaks on the rise. Conversely, the number of victims paying ransoms has decreased. Companies are now more transparent about cyberattacks and inform the public, business partners, and customers in a timely manner. This helps to close potential vulnerabilities quickly and prevent damage to other companies.

 

“Especially ransomware, espionage, and disinformation threaten our prosperity and undermine our democracy,” warns Plattner, adding in the agency’s press release: “However, we are not defenseless against these threats!”

Increased DDoS and Phishing Attacks

According to the BSI, there has been a concerning rise in cyberattacks, particularly those orchestrated by state-sponsored groups engaging in cyber-espionage and Advanced Persistent Threats (APTs). These attacks are having a particularly negative impact on government agencies, political parties, and other political institutions, as well as on businesses.

 

Both the quality and frequency of Distributed Denial of Service (DDoS) attacks have significantly increased, according to the BSI’s latest report. Compared to the annual average of 6.75 percent, the monthly share of high-volume DDoS attacks, those exceeding 10,000 megabits per second, nearly doubled to 13 percent in the first half of 2024.

Phishing attacks have also seen a sharp rise, increasingly targeting ordinary citizens through streaming services, aiming to steal their account or credit card information. It is crucial to enhance public awareness and education to strengthen the resilience of consumers against internet threats. The 2024 Cyber Security Monitor (CyMon) indicates that the victim rates in the private sector have remained largely unchanged, with 24 percent compared to 27 percent. The most significant impact is on trust, although the number of private financial losses has also risen, from 18 percent in 2023 to 26 percent recently.

 

“Cybersecurity is central to our society and affects each and every one of us,” Computerwoche quotes Interior Minister Faeser. “In a digitalized world, resilience against cyberattacks is crucial for the strength of our liberal democracy as a whole.” She also highlighted concerns over hybrid threats originating from Russia and other actors, emphasizing the need to strengthen protective measures.

Frequently Asked Questions

Which threats does BSI President Plattner identify as particularly critical?

Plattner identifies ransomware, espionage, and disinformation as threats to prosperity and democracy, necessitating enhanced national resilience.

How has the number of new malware variants evolved?

From July 2023 to June 2024, 309,000 new malware variants were detected, marking a 26 percent increase compared to the previous year.

What DDoS attack increase is noted in the report?

The monthly share of high-volume DDoS attacks has risen from 6.75 percent to 13 percent, nearly doubling in the first half of 2024.

Why are IoT devices a risk for cybersecurity?

Many IoT devices have short support cycles and open vulnerabilities, enabling criminals to easily build botnets with minimal effort.

How do companies respond to ransomware attacks today?

Companies are now transparently reporting attacks, and the number of victims paying ransom has decreased, indicating improved response strategies.


A magazine by evernine media GmbH