On October 11, 2018, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, “BSI”) published its annual Report on the State of IT Security in Germany 2018 (“Security Report”). The Security Report shows an alarming increase in cybersecurity attacks against state agencies, critical infrastructure, and private companies, as well as against individuals, during the reporting period of July 1, 2017 to May 31, 2018. In its press statement from the same date, the BSI noted that “the combination of new attack quality and increasing digitalization raises the threat situation to a new level.”
During the reporting period, the BSI received 145 reports of attacks against critical infrastructure alone, in particular in the telecommunication and energy sectors. The Security Report further reveals that, according to a cybersecurity survey, in 2016 and 2017 approximately 70 percent of the 900 responding companies and institutions reported that they were subjected to cyber-attacks. Fifty percent of attacks were successful, and of those successful attacks, 50 percent led to production downtimes. Moreover, in about 57 percent of the reported attacks, IT systems were infected by ransomware; 19 percent of the companies became victims of hackers; and in 18 percent of the successful incidents, the systems were forced down by Distributed Denial-of-Service attacks (“DDoS”), i.e., overwhelming internet traffic.
The BSI further advised that Industrial Control Systems (“ICS”) are particularly vulnerable to ransomware because they are often run with outdated software. While specific manipulations of machines and plants remain the exception, the BSI expects to see more targeted attacks of this nature in the future, as attackers gain a better understanding of the production processes. There are also indications that several groups are developing specific malware for attacks against ICS. Connected vehicles are on the BSI’s radar as well. While no concrete incidents have been reported yet, the BSI wants to conduct a more detailed risk analysis of On-Board Diagnostic (“OBD”) interfaces in vehicles to gain a better understanding of the associated cybersecurity risks.
Generally, the threat landscape seems to have become more diverse in recent months. While ransomware attacks caused by malware like “WannaCry” and “NotPetya” are continuing to a lesser degree, the BSI has seen a shift to more targeted attacks, increasing the pressure on companies to develop appropriate response strategies. This observation is in line with security reports of other cybersecurity firms issued earlier this year (we reported here). Attacks against Internet of Things applications also continue. Typically, hijacked devices are connected to botnets, allowing attackers to access foreign IT systems on a large scale. The botnets can then be used for multiple purposes, such as stealing or manipulating data or using the combined processing power of the botnet for other activities, such as illegal crypto mining.
For companies, the increase of targeted attacks should certainly be the most alarming aspect of the Security Report, as sophisticated social-engineering attacks are hard to fight. Raising employees’ cybersecurity awareness by appropriate training should therefore be a cornerstone of any cybersecurity risk program.
