The State of IT Security in Germany
In its report on the state of IT security in Germany in 2020, the Federal Office for Information Security (BSI, acting in its role as Germany's national cyber security authority) has provided a comprehensive and in-depth overview of the threats faced by Germany, its citizens, and its economy in cyberspace. The report also details the countermeasures deployed by the BSI and the solution strategies it has developed with its partners for stakeholders in government, the economy, and civil society.
The report indicates that the IT security situation in Germany remains fraught, with attackers using malware for broad-based cyber attacks on private individuals, companies, government agencies, and other institutions, as well as for targeted campaigns. Current topics of interest such as the COVID-19 pandemic have also been exploited by attackers.
Die Lage der IT-Sicherheit in Deutschland 2020
Add "Die Lage der IT-Sicherheit in Deutschland 2020" to shopping cart
Here, you can subscribe to The State of IT Security in Germany reports free of charge.
Last year, the threat situation was again dominated by the malware Emotet, which had already proven to be especially dangerous in the previous reporting period. Emotet enables a cascade of additional malware attacks that may culminate in targeted ransomware incursions on hand-picked and wealthy victims. The overall incidence of new malware variants in the autumn and winter was well above average (with as many as 470,000 new variants being recorded on a day-to-day basis).
Independently of Emotet, ransomware in general continues to pose the biggest threat to companies, public authorities and other institutions, and private users. Here, the BSI's observations included a trend towards targeted attacks on particularly wealthy victims. These attacks targeted car manufacturers and their suppliers and a number of airports and airlines, as well as less well-known companies with strong earnings. Public-sector organisations and higher-education institutions were also affected, as were healthcare facilities and hospitals in particular.
At the same time, the threat posed by data leaks took on a new dimension through the publication of millions of patient records on the internet. During the reporting period, databases and other repositories of highly sensitive clinical data were also found to be freely accessible online. Unlike actual data theft, these leaks were not the result of technically sophisticated attacks; they had occurred because the databases were inadequately protected or incorrectly configured. In Germany alone, around 15,000 data records pertaining to private citizens -- containing a total of several hundred million images -- were publicly available on the internet between July and September 2019. Regular occurrences of customer data theft were also observed in the reporting period
and, as in previous periods, software products were found to have a number of vulnerabilities (several of them critical) that hackers were able to exploit for malware attacks or data theft. They increasingly used the 'human factor' as a starting point for attacks based on social engineering, which also open the door for further attacks.
The rapid response of cyber criminals to socially relevant topics and trends has been clearly demonstrated by the wide variety of attacks exploiting the COVID-19 pandemic. Phishing campaigns, CEO fraud, and straightforward IT-based scams were all observed in this context. In one example, fraudsters were able to siphon off emergency assistance funds by creating website mock-ups that were virtually indistinguishable from official pages. The corporate information entered by applicants on these fake websites was then used by the cyber criminals to falsely apply for emergency assistance funds in their place.
As new vulnerabilities and types of attacks appear on a daily basis and the complexity of IT infrastructure continues to grow, the threat landscape remains both dynamic and perilous, with potentially devastating ramifications for companies, public authorities, and individuals. Germany is not helpless in the face of these challenges, however. At the BSI, a diverse team of experts from a wide range of disciplines work together on the most important digital topics of our time -- such as artificial intelligence, 5G, autonomous driving, and secure smart homes. In this way, those of us at the BSI are guiding Germany through a secure digital transition.
Other situation overviews
- Die Lage der IT-Sicherheit in Deutschland 2019
- Die Lage der IT-Sicherheit in Deutschland 2018
- Die Lage der IT-Sicherheit in Deutschland 2017
- Die Lage der IT-Sicherheit in Deutschland 2016
- Die Lage der IT-Sicherheit in Deutschland 2015
- Die Lage der IT-Sicherheit in Deutschland 2014
- Fokus IT-Sicherheit 2013
- Die Lage der IT-Sicherheit in Deutschland 2011
- Die Lage der IT-Sicherheit in Deutschland 2009
- Die Lage der IT-Sicherheit in Deutschland 2007
- Die Lage der IT-Sicherheit in Deutschland 2005