Content
Despite numerous improvements in IT security and increased resilience to cyber attacks, the situation remains worrying, according to the new situation report from the Federal Office for Information Security (BSI). Its President, Claudia Plattner, and Federal Minister of the Interior Nancy Faeser jointly presented the over one-hundred-page report on the state of IT security in Germany at the Federal Press Conference on Tuesday.
Ransomware attacks continue to pose the greatest challenge. The number of victims of data leaks rose again in the reporting period (mid-2023 to mid-2024). Attackers are also becoming increasingly successful at delaying the detection of their attacks (e.g. through EDR systems).
Fortunately, the number of companies that have paid ransoms has nevertheless fallen. However, the amount of ransoms extorted has risen compared to the previous reporting period. The trend is that victims have to pay higher ransoms for exfiltrated data than for encrypted data.
Cyber espionage also plays a major role:
The status report lists a total of 22 different APT groups (Advanced Persistent Threats) whose attacks target both public authorities and companies. The BSI assumes that these attacks are often state-directed.
The number of DDoS (Distributed Denial of Service) attacks has also increased: In the first half of 2024, it was around twice as high as the long-term average.
Nevertheless, there is also some positive news, as law enforcement authorities have managed some spectacular takedowns against RaaS (Ransomware-as-a-Service) offerings and operators of critical infrastructure (KRITIS), among others, have been able to increase their prevention capabilities. However, this is no reason to sound the all-clear. Federal Minister of the Interior Nancy Faeser therefore warns: “The cyber security situation remains tense. But at the same time, we can see that Resilience against attacks is increasing and more is being invested in cyber security. This is absolutely necessary.”
SECUINFRA supports companies of all sizes in detecting, analyzing and defending against cyber attacks and offers various solutions, including a Managed Detection & Response Service (MDR) with round-the-clock monitoring and guaranteed rapid response.
