Cyberattacks on IT infrastructure are escalating, driven by political motives and extortion tactics, warns the Federal Cyber Authority in its report. A flawed software update disrupted global services, while 22 Advanced Persistent Threat (APT) groups target government and critical sectors. With elections approaching, potential interference and disinformation campaigns threaten democracy. The rise in DDoS attacks and extortion demands highlights vulnerabilities among various institutions, prompting calls for stricter cybersecurity regulations and enhanced protective measures across sectors.
Cyberattacks on IT infrastructure are becoming more frequent and aggressive, with many stemming from political motives, warns the Federal Cyber Authority in its latest report. The rise of extortion using stolen data is also a growing concern.
On July 19, 2024, a flawed software update from the IT security firm CrowdStrike led to a global disruption: surgeries were halted in hospitals, flights were canceled at airports, and grocery stores were forced to close. “This was not a cyberattack, but merely an operational error,” recalls Claudia Plattner, the president of the German Federal Office for Information Security (BSI), in this year’s IT security report.
The report highlights that besides human mistakes, there are numerous attacks from various actors. The BSI emphasizes the severity of the current threat landscape, describing it as ‘worrisome’ and ‘rapidly’ evolving. It deems the repercussions of these attacks ‘serious’ and the financial damages ‘considerable,’ and says the volume of attacks is increasing ‘immensely.’
This situation reflects the impact of geopolitical tensions, such as the ongoing conflict in Ukraine and the Gaza war, which have given rise to numerous cyber phenomena.
Espionage and Sabotage Threats
During the reporting period, the BSI identified 22 active Advanced Persistent Threat (APT) groups operating in Germany. APTs are highly trained, often state-sponsored groups that engage in prolonged attacks on networks for espionage or sabotage purposes.
Their main targets include governmental departments related to foreign affairs, defense, and public safety, as well as companies in these sectors. In May, a hacker group known as APT28 was linked to the Russian state by German and European partners. This group was implicated in a cyberattack on the email systems of the SPD party headquarters and various companies in the logistics, defense, aerospace, and IT service industries.
Other European nations also reported similar cybersecurity breaches, particularly affecting operators of critical infrastructure such as energy suppliers. APT28, associated with Russian military intelligence, is recognized as one of the most active and dangerous hacking groups globally.
Shortly after, a cyberattack on the CDU’s network came to light, which party leader Friedrich Merz described as “the most severe attack on an IT structure that any political party in Germany has ever experienced.” Security officials have yet to pinpoint the attackers behind this incident.
Healthcare facilities are increasingly under siege from cyber threats.
Political Targeting Through Cyberattacks
Plattner warns, “Deliberate cyber assaults on state and political entities, along with AI-driven disinformation campaigns, pose a direct threat to our democracy.” With the European, state, and local elections set for 2024, the BSI has raised alarms about potential interference with electoral processes and public opinion.
Such interference may involve attempts to undermine the legitimacy of elections and erode public trust in democratic institutions. Tactics include ‘hack-and-leak’ operations where emails and documents are stolen and released, sometimes altered, along with attacks on voter data storage sites.
The BSI is considering providing institutional support to state authorities to bolster defenses against these threats.
In response to these challenges, the BSI’s strategy includes enhancing technology security, implementing multi-factor authentication, and increasing awareness among election officials, political parties, candidates, and public servants.
Surge in DDoS Attacks
Concerns have also risen regarding a spike in Distributed Denial of Service (DDoS) attacks, where systems are intentionally overloaded to render them inaccessible. The frequency and intensity of these attacks have surged in the first half of 2024, particularly from supporters of the ongoing Russian aggression, according to BSI President Plattner.
Despite the need for stronger protections against cyberattacks, the federal government’s efforts have not yet met expectations.
The Rise of Extortion in Cybercrime
Amidst this turmoil, not just large corporations but also small and medium-sized enterprises are increasingly becoming targets. IT service providers, municipalities, universities, and research institutions are particularly vulnerable to these attacks as criminals often target the easiest victims.
The ransom demands have skyrocketed, totaling approximately 1.1 billion US dollars globally, with many believing the actual figures to be significantly higher. Victims can experience prolonged downtimes, affecting municipal services, such as processing citizen benefits and vehicle registrations.
“It is crucial for municipalities and companies to enhance their protective measures,” emphasizes Plattner.
Nearly 30,000 companies are now under stricter IT security regulations and are facing substantial investment requirements.
Impending Stricter Cybersecurity Regulations
Operators of critical infrastructure already face legal mandates to implement specific measures for preventing and managing cyberattacks, achieving a medium level of resilience—a ‘slightly positive trend.’
There are calls to expand these obligations to more businesses. Federal Interior Minister Nancy Faeser indicated that “in 2024, German IT security law will undergo comprehensive modernization and restructuring.” However, the practical implementation of these stricter regulations remains uncertain.
The proposed NIS2 implementation law aimed at enhancing cybersecurity has only progressed to the first reading stage in the Bundestag and is currently under consideration in the interior committee. The future of this legislation is unclear, especially after the collapse of the traffic light coalition.
Efforts to transform the BSI into a central authority akin to the Federal Criminal Police Office have faced hurdles. Both the BSI President and the Federal Interior Minister have repeatedly stressed the necessity of being able to respond promptly to simultaneous cyberattacks nationwide, without the need for lengthy discussions regarding responsibilities.
However, achieving this would require a constitutional amendment, necessitating two-thirds majorities in both the Bundestag and Bundesrat—a challenging prospect, especially given opposition from larger, union-led federal states concerned about potential loss of authority.
This cybersecurity challenge was reported by Deutschlandfunk on November 11, 2024, at 09:40 AM.