According to the Federal Office for Information Security (BSI) in Germany, the country faces a serious and growing threat as society becomes more digitally connected and criminals become more sophisticated. BSI said the threat level has reached the danger alert level.
Increased threat level
BSI has released its annual report.State of IT security in Germany in 2021.. This emphasizes that the greatest risk comes from malware and ransomware attacks. In fact, the agency detected 144 million new malware variants between June 2020 and the end of May 2021. This is an increase of 22% annually. In February 2021, BSI detected 553,000 malware variants in one day. This is a new record. The report then states that it has raised the general threat level caused by malicious computer attacks from “tension” to “tension to serious” in 2020.
The reason for this increased alert level is the increased expertise of cybercriminals combined with the networked composition of society.
“The significant increase in remote work has significantly increased the attack surface for the interconnection of services and hardware provided and used. As a result, this trend exploits security flaws in cybercrime campaigns. It’s more likely to be done. ” Joint report by ANSSI in France and BSI in Germany..
As more businesses and civil servants work remotely, the increasing trend of cybercrime is being supercharged by the coronavirus pandemic. The report reveals that not only are cyberattacks widespread, but they are also costly. Bitkom, an IT industry group, Losses from blackmail and system outages have increased by 358% since 2019..
According to BSI, criminals aren’t just working for themselves. They also sell their services on the darknet. They took a more sophisticated approach in the process, using the multi-level attack strategies previously seen in the case of national espionage. For example, BSI looked at how a malicious attacker could negotiate a ransom from a victim and look for data in return.
The use of so-called “leak pages” was one example of exposing data stolen by an attacker and forcing the victim to pay a ransom. Authorities explained the extortion approach by pointing out the case of a hacked private psychologist’s office, where criminals put pressure on patients as well as clinic owners.
Threats to critical infrastructure
According to BSI, “Attack is attacking basic areas of our society, such as energy and medical infrastructure.” The BSI report further added, “Information security is very important and all digitization. It needs to be the foundation of the project. “
The same concerns are raised in the joint report of ANSSI and BSI. The two agencies write that the digitization of production processes that underpin the entity’s core activities through operational technology (OT) connectivity poses risks in the near future. These OT systems usually have a long life cycle and are expensive. It is not changed or upgraded on a regular basis. Therefore, most OT systems today were installed at a time when IT security was not recognized as an integral part of the operation of OT systems.
Another report from Europol, Internet Organized Crime Threat Assessment (IOCTA) 2020Keep in mind that ransomware poses a significant indirect threat to European companies and organizations, including critical infrastructure, by targeting supply chains and third-party service providers.
In addition to ransomware, European law enforcement agencies have reported malware in the broad sense that it is widespread in cybercrime cases. Criminals have converted some traditional banking Trojans into more sophisticated modular malware to cover a wider range of features. These evolved forms of modular malware are the EU’s greatest threat, especially as their adaptability and extensibility make them increasingly complex to fight effectively.
Germany adopts cybersecurity strategy
In response to the growing threat of advanced cyber attacks Federal GoGerman vernment adopts German 2021 cybersecurity strategy.. This strategy consists of four comprehensive guidelines:
- Establish cybersecurity as a joint task of state, enterprise, society and science.
- Strengthen digital sovereignty of nations, businesses, science and society.
- Ensures safe development of digitization.
- Makes the target measurable and transparent.
Want to know more about Tripwire? For more information on SCM solutions, download the Mastering Configuration Management Guide. https://www.tripwire.com/solutions/configure-and-harden-your-systems/guide-to-security-configuration-management..
German-speaking people can get the translated version here. https://www.tripwire.com/leitfaden-zur-sicherheitskonfigurationsmanagement..
Read this blog in German
Germany’s cybersecurity status in 2021
https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/state-of-cybersecurity-in-germany-in-2021/ Germany’s cybersecurity status in 2021