Germany boasts one of the world’s largest, most sophisticated, and international economies. Companies doing business in Germany are thus an increasingly relevant target for cyberattacks.
Germany’s Federal Criminal Police Office (Bundeskriminalamt or BKA) is the federal law enforcement agency charged with investigating cybercrime and with coordinating federal-state cooperation in cybercrime matters. The BKA recently published an annual “Situation Report” (available here in German) summarizing the primary cyber threats Germany faced in 2021. The BKA Report provides a unique look into the Germany-specific threat landscape.
This article summarizes three salient insights from the BKA Report – the preferred targets, attack types, and attack vectors – that affected the German market in 2021.
- Ransomware was the Primary Threat
Per the BKA, ransomware was the primary cybersecurity threat Germany faced in 2021. In addition to its own experience, the BKA cited reports from Microsoft, Sonicwall and Sophos in concluding that Germany is “one of the most common targets” for ransomware attacks, and is attacked with ransomware at an “above average” rate.
Based on industry research conducted by the German trade association Bitkom, the BKA estimated that ransomware caused €24 billion in damages to German companies in 2020-2021. This represented a nearly five-fold increase since 2019.
Further, the BKA states that in 2021 the average ransom paid by German companies was $204,695 – with the highest average payments being made in Q1 and Q4 of 2021. This reportedly represented a 21% increase from the average ransoms paid in 2020. (The BKA recognizes that ransoms are not the only cost associated with a ransomware attack, but it does not appear to track costs associated with forensic investigations, data restoration, breach notifications, or the like. It instead cites various third-party reports indicating that average ransomware event costs can range from $89,000 to $1.85 million, depending on the industry of the affected company.)
As in the US, ransomware affected all sectors of the German economy. Critical infrastructure operators, SMEs, and government agencies suffered ransomware incidents – with manufacturing and financial services companies apparently being more frequent targets. The BKA indicated it saw cases of double extortion, triple extortion (ransomware and DDoS), and “second-stage” extortion of customers. Of these, double extortion was the “standard modus operandi” of attackers, representing 81% of ransomware attacks.
- Phishing and Vulnerabilities were the Primary Entry Vectors
According to the BKA, Germany faced two primary entry vectors for cyberattacks in 2021: phishing and vulnerabilities.
Phishing – Per the BKA, phishing increased in Germany as a result of the coronavirus pandemic, much as it did in other economies where remote work increased. Apparently, the BKA saw Germany-specific phishing campaigns that involved spoofed messages appearing to be from widely used public banks (the Sparkassen) and credit unions (the Volksbanken). But the BKA also saw the types of phishing campaigns that international companies already train their employees to avoid – such as fake websites, SMS-based phishing, fake social media messages, and faked voice calls. The BKA cited research by the Anti-Phishing Working Group to conclude that the financial services industry saw the most phishing attempts in 2021 – while adding that the coronavirus pandemic also increased phishing against enterprise service providers and healthcare.
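As an added example (not from the BKA Report or from the authors of this article), the following Python check illustrates the defensive side of the brand-impersonation campaigns described above: it flags messages that invoke the Sparkasse or Volksbank brand when the sender domain, or a linked host carrying the brand name, is not one of the bank's legitimate domains. The legitimate-domain list, the naive registrable-domain logic, and the two sample messages are assumptions constructed for this example; a production filter would use the public suffix list and the banks' actual sending domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed legitimate sending domains per brand (assumption for this example;
# a real deployment would maintain this list from verified sources).
LEGITIMATE_DOMAINS = {
    "sparkasse": {"sparkasse.de"},
    "volksbank": {"volksbank.de"},
}
BRAND_PATTERNS = {b: re.compile(b, re.IGNORECASE) for b in LEGITIMATE_DOMAINS}
# Captures the host part of http(s) URLs in message text.
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def registrable_domain(host):
    """Naive registrable domain: the last two DNS labels (assumption; the
    public suffix list is the correct tool for multi-label suffixes)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def brand_mentions(text):
    """Return the set of known bank brands named anywhere in the text."""
    return {b for b, pat in BRAND_PATTERNS.items() if pat.search(text)}


def check_text(display_name, sender_domain, text):
    """Core heuristic shared by e-mail and SMS-style input: for every brand the
    message claims, flag a mismatched sender domain and any link whose host
    carries the brand name but resolves to a non-legitimate registrable domain."""
    claimed = brand_mentions(f"{display_name} {text}")
    findings = []
    for brand in sorted(claimed):
        legit = LEGITIMATE_DOMAINS[brand]
        if sender_domain and sender_domain not in legit:
            findings.append(f"sender domain {sender_domain} does not belong to {brand}")
        for host in URL_HOST_RE.findall(text):
            if brand in host.lower() and registrable_domain(host) not in legit:
                findings.append(f"link to lookalike host {host} for {brand}")
    return {"brands": sorted(claimed), "sender_domain": sender_domain, "findings": findings}


def analyse_message(raw):
    """Parse an RFC 822 message and run the heuristic on From, Subject and body."""
    msg = message_from_string(raw)
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(sender.split("@")[-1]) if "@" in sender else ""
    body = msg.get_payload() if not msg.is_multipart() else ""
    return check_text(display_name, sender_domain, f"{msg.get('Subject', '')} {body}")


# Constructed sample: a lure using a lookalike domain (not a real campaign).
SAMPLE_PHISH = """From: Sparkasse Kundenservice <service@sparkasse-sicherheit.example>
Subject: Ihr Konto wurde eingeschraenkt
Content-Type: text/plain

Bitte bestaetigen Sie Ihre Daten unter https://login.sparkasse-sicherheit.example/verify
"""

# Constructed sample: a benign message from the assumed legitimate domain.
SAMPLE_LEGIT = """From: Sparkasse <newsletter@sparkasse.de>
Subject: Neues aus Ihrer Sparkasse
Content-Type: text/plain

Mehr unter https://www.sparkasse.de/aktuelles
"""

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_LEGIT):
        print(analyse_message(sample))
```

The same `check_text` function can be applied to SMS-based lures (the "smishing" the BKA lists) by passing an empty display name and sender domain and letting the link check do the work; the heuristic is deliberately narrow (brand name in a host that is not the brand's own domain) to keep false positives low.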
Vulnerabilities – The BKA noted that German companies are affected by a growing underground “access-as-a-service” industry that offers vulnerabilities for sale to malicious actors. As an example, the BKA noted that the Log4j vulnerability resulted in “widespread exposure” throughout Germany’s private sector and public administration.
- All Types of Companies were Targeted – but Large & Critical Companies were Preferred
The BKA cited market research from Bitkom indicating that 88% of German companies stated they were affected by cybercrime or electronic espionage in 2021. Approximately 89% of companies indicated that the number of attacks had increased in the past year. However, the BKA noted that “larger companies tended to be the targets of cyberattacks.” This is a trend that continued from 2020. In particular, after Russia invaded Ukraine, the BKA noted an increase in attacks on critical infrastructure operators.