Protecting attack surfaces, closing security gaps
The IT security situation in Germany has been and remains worrying. Groundbreaking technical developments play into the hands of malicious actors in the digital space. Cyber criminals are professionalising the way they work. They are at the cutting edge of technology and act aggressively. They have long since established structures for their criminal services. Germany is countering the threat with a viable cyber security architecture. In cooperation with international partners, successes have already been achieved in containing malware. The BSI's report on the state of IT security in Germany in 2024 highlights threats, but also makes it clear that the BSI is working intensively to strengthen cyber resilience.
The BSI monitors the situation of Germany as a Cybernation in the five dimensions of threat, attack surface, hazard, damaging effect and resilience, with resilience having a positive effect on the other four dimensions. If a threat, such as a malware programme, encounters an attack surface, for example a web server, this creates a hazard. If the malicious programme penetrates, this has a negative impact, for example if data flows out. A high level of resilience is required to be able to ward off the effects of malware as far as possible.
Download: The State of IT Security in Germany 2024
The dimensions of the cyber security situation
Threats emanated from various attacker groups in the past reporting period. APT groups, for example, engaged in cyber espionage and launched attacks on foreign affairs, defence and public security and order authorities. Companies and institutions operating in these areas were also affected. In addition, the cybercriminal shadow economy based on the division of labour continued to become more professional: so-called access brokers traded in captured access data. Other cybercrime groups used zero-day vulnerabilities, vulnerabilities for which there is no update yet, to steal data.
The attack surfaces increased as digitalisation progressed: the number of complex and vulnerable systems increased. Once again, the number of daily known vulnerabilities increased compared to the previous year. In particular, a large number of critical vulnerabilities in perimeter systems, such as firewalls and VPNs, became known. This is worrying, as attacks on perimeter systems also continued to increase significantly. Android systems were also conspicuously vulnerable.
The threats in the reporting period resulted from various types of attack. The number of high-volume DDoS attacks, which increased dramatically in the first half of 2024, was alarming. Public cloud infrastructures were also attacked more frequently. Ransomware attacks were directed en masse against small and medium-sized enterprises and municipalities, which are often still inadequately protected and therefore easy targets. For example, an attack on a municipal IT service provider at the end of October 2023 affected 72 municipal customers with around 20,000 municipal workstations.
The significant damaging effects in the reporting period include, for example, months of downtime for local authorities due to ransomware attacks. At the same time, USD 1.1 billion in ransom money was stolen worldwide through ransomware attacks and the number of unreported cases is probably much higher. On average, almost three times as much was paid for stolen exfiltrated data as for captured encrypted data. The number of suspected victims of data leaks also continued to rise during the reporting period.
The decisive dimension: resilience
The four dimensions of threats, attack surfaces, hazards and damaging effects have an immense negative impact, but Germany is not defenceless in the face of all this. With the broad expertise of its employees, the BSI was able to make a significant contribution in the reporting period to detecting threats at an early stage, warning of them and providing assistance and solutions. For example, the BSI used its sensor technology to detect botnets through sinkholing and thus also supported law enforcement. The relevant authorities around the world have carried out numerous takedowns against botnets operated by cybercriminal attacker groups.
Resilience is a joint task
Germany has already come a long way on the road to becoming a resilient Cybernation. However, resilience cannot be realised alone and overnight. All stakeholders are called upon to contribute to strengthening resilience against cybercrime and IT security incidents. In future, manufacturers should provide even more secure products that are consistently developed according to the principles of security by design and security by default and supported throughout the entire life cycle. Operators should implement the principles of cyber security and protect their systems against attacks and incidents in the best possible way. Consumers are also called upon to build up cyber security expertise.
The major goal of Germany as a Cybernation can only be realised by joining forces. If business, science and politics work together, these solutions will be realised in a vibrant ecosystem for cybersecurity products and services. This is the only way to improve IT security and drive digitalisation forward. Now and in the future, the motto has to be: ‘Cooperation wins’.
Facts and data
quote slider
Free subscription to 'The state of IT Security in Germany' report
For sustainability reasons, the report ‘The State of IT Security in Germany’ will no longer be printed and sent to subscribers from 2025. If you would like to be informed about the online publication of the status report in future, you can enter your e-mail address here. You will then receive the info mail on the publication date of the report in November.
