The Situation Report on IT Security 2024 published by the German Federal Office for Information Security (BSI) shows the dynamic and increasingly serious threat situation in the area of cyber security. The digital spaces that have become accessible to us as a result of digitalization harbour considerable risks as well as great opportunities. The report states that attacks are not only carried out on a technical level, but also through psychological and propagandistic approaches in order to increase the general uncertainty in society.
Increasing resilience to ransomware attacks
According to the 2024 situation report, ransomware attacks continue to pose major challenges for companies and institutions. The number of victims of data leaks following ransomware attacks has continued to rise. At the same time, the proportion of ransomware victims who pay a ransom has fallen. Those affected who have functioning backups of their data are not dependent on the attackers decrypting their systems. In addition, more and more companies are dealing with cyberattacks transparently and informing the public and their customers. This helps to close potential vulnerabilities more quickly and prevent damage to other companies.
Companies should invest more in security systems such as Endpoint Detection and Response (EDR), which can detect and stop suspicious behavior at an early stage.
Increase in DDoS attacks
The quality and frequency of DDoS attacks have increased significantly. The proportion of high-volume DDoS attacks with a bandwidth of over 10,000 megabits per second averaged 13% per month in the first half of 2024 and was therefore more than twice as high as the long-term average of 6.75%. According to the situation report, attackers exaggerate the comparatively minor damaging effects of such overload attacks in social networks in order to stir up general social insecurity.
However, a large number of new vulnerabilities in software and hardware are forcing companies to operate active and continuous vulnerability and patch management. Missed updates or poorly managed vulnerabilities offer attackers an opportunity to penetrate the system.
Reading tip: Cyber Resilience Act - European Council gives green light
Cyber espionage by APT groups
As the BSI reports, professional and often state-directed attacks by APT groups (Advanced Persistent Threats) can be observed against the backdrop of geopolitical conflicts. Cyber espionage to the detriment of authorities, political parties, political institutions and companies has become increasingly important.
Here too, organizations should invest in monitoring their systems in order to detect unusual activities at an early stage. This includes both physical security and the monitoring of digital systems and access points.
The role of large AI language models and their risks
The use of AI and large language models also harbors potential for abuse: attackers can use AI models to create malicious content such as phishing messages or deepfakes. Language models can also be used to generate or refine executable malicious code.
Companies should develop guidelines for dealing with AI technologies and check their use for potential risks. It is also important to sensitize staff to the risks of AI-supported attacks such as phishing.
Data theft remains a threat to consumers and companies
Citizens continue to face a tense threat situation, for example from phishing attacks: In addition to already known phishing campaigns in the name of banks and financial institutions, an increase in campaigns that misused the names of well-known streaming services was registered during the reporting period. The attackers captured data on payment methods such as credit cards, further information on payment service providers and personal data of account holders.
The report shows that threats in cyberspace are evolving rapidly and attackers are becoming increasingly professional. For companies, this means that they need to invest in cyber security and regularly check their systems for vulnerabilities. Only through proactive and preventative measures can the risk of cyber attacks and their potential impact on business processes be minimized.