1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

German cybersecurity office issues dire threat warning

October 21, 2021

Germany's cybersecurity agency says the country faces a grave and growing threat as society becomes more digitally connected and criminals more sophisticated. The BSI said threat levels had reached red alarm levels.

BSI President Arne Schönbohm (l) and Interior Minister Horst Seehofer in Berlin
BSI President Schönbohm says the nexus of professional criminals and digital society has created a dangerous threat matrixImage: Christophe Gateau/dpa/picture alliance

Germany's Federal Office for Information Security (BSI) released its annual threat report Thursday, sounding the alarm over risks presented by computer viruses and ransomware attacks.

Speaking in Berlin alongside Federal Interior Minister Horst Seehofer, BSI President Arne Schönbohm said his agency had detected 144 million new malware variants between June 2020 to the end of May 2021 — up 22% for the year.

The Bonn-based BSI, which is part of the Interior Ministry, said that in February of this year it detected 553,000 malware variants in a single day — a new record. Its report noted that it had raised the general threat level posed by malicious computer attacks from "tense" last year to "tense-to-critical."

At Thursday's presentation, BSI President Schönbohm said some parts of the digital realm had experienced threat level "red." The reason, he said, was the increasing professionalism of cybercriminals combined with the networked composition of society and the ever-expanding possibilities presented to criminals in terms of software security vulnerabilities.

The issue of cybersecurity also touches on a key conflict facing governments and tech companies, namely the argument on one side for personal data protection and the desire to create software that cannot be exploited; and on the other, the need to leave some security breaches open in order for states to catch criminals. Nevertheless, the conundrum is that criminals are just as keen to exploit security breaches as agencies are.

Hacking for Germany

Coronavirus turbocharging cybercrime

The trend of growing cyber criminality has been turbocharged by the coronavirus pandemic as more business and government employees work remotely. The report makes clear that cyberattacks have not only become more prevalent, they have also become more costly.

Bitkom, an IT-industry association, has estimated that losses from blackmail and system outages have risen 358% since 2019.

Interior Minister Seehofer said he expected threat levels to remain high. He said: "The attacks are hitting areas that are fundamental for our society, like energy and healthcare infrastructure."

The BSI report made clear: "Information security must be given considerably greater significance and become the basis for all digitization projects." The agency says it wants to step up its work advising states, municipalities, businesses and everyday citizens.

People are the biggest security loophole

Criminals getting more sophisticated

Criminals are not only working for themselves, according to the BSI, but are also selling their services on the darknet. They have also become more sophisticated in their approach, using multi-level attack strategies previously seen in instances of state espionage.

The BSI noted, for instance, a method in which hackers negotiate ransom from a victim, and in return seek data.

The use of so-called "leak pages" was one such example, where hackers would publish stolen data to extort victims into paying a ransom. The agency illustrated the blackmail approach by pointing out the case of a private psychologist's office that was hacked and in which criminals proceeded to pressure not only the owner of the practice, but patients as well.

Fleeced by phone. A true story

More digitalization, more attacks

The world has seen a number of spectacular cyberattacks this year, such as the Colonial Pipeline attack that caused gasoline shortages in the US; the JBS attack, which halted production at the world's largest meat processor; and the attack on Ireland's Health Service Executive, which forced the service offline causing confusion and massive delays in services.

In July, the German district of Anhalt-Bitterfeld in eastern Saxony-Anhalt formally declared a disaster after its computer systems were compromised. At the time, the BSI called it the country's first "cyber catastrophe."

Outgoing Interior Minister Horst Seehofer has long argued that the BSI should not be made independent of the Interior Ministry, which critics claim has been woefully overwhelmed with the task of fighting cybercrime for years. Seehofer would not answer reporters' questions about whether the BSI should become a full-fledged Cabinet ministry under the new government when asked about the prospect at Thursday's press conference.

Data security and cybercrime

js/wd (AFP, dpa, Reuters)