German IT security situation increasingly critical in 2020

The German Federal Office for Information Security (BSI) has just released its 2020 report on the IT security situation in Germany. It once again underlines the fact that a high-performance email security service is absolutely essential in this day and age.

“Malware generally finds its way onto a computer by way of attachments or links included in an email,” explains the introductory chapter on threats to cyber security in Germany. Moreover, new malware or novel variants of known malware are proliferating at unprecedented rates according to the BSI: a whopping 322,000 instances of malware were added every day on average during the period covered by the report (June 2019 to May 2020). The greatest threat highlighted in the report comes from the Emotet trojan, which previously wreaked havoc in the banking sector. Following infection, this nasty malware is able to cause other malicious software to be downloaded subsequently, such as the spyware and sabotageware Trickbot or the Ryuk ransomware, in order to monetize the cybercrime.

Emotet is also spread via email. “It is often attached to emails in the guise of a job application, for instance, or hidden in a manipulated image file. The malware may also be concealed on a website hidden behind a link contained in the email. Simply clicking on this link allows the trojan to be installed,” the report goes on to say. To induce users to click on the link, the BSI adds, sophisticated social engineering techniques are brought into play. Especially tricky: After Emotet has managed to infect a user’s environment, it reads its victim’s email communication and uses this knowledge to attack the user’s communication partners. These partners then also receive emails with infected attachments that will install Emotet if clicked on.

Ransomware could prove extremely costly

Beyond the damage caused by Ryuk, ransomware was a real plague during the report period. This is because “once this type of malware has been implemented, it prevents access to locally stored data and systems, or even those that can usually be accessed via the company network.” This results in the costly disruption of business operations. The criminals behind the attack may also publish the data they have encrypted (or at least threaten to do so). The BSI confirms that ransomware is spread through email attachments or links in email messages leading to an infected website, the usual suspects amongst cyberattack vectors.

BSI President Schönbohm (left) and Secretary of the Interior Seehofer at the Bundespressekonferenz. Photo: Factor 3/Roman Schwer

Companies are also often subject to attacks carried out via vulnerabilities in remote maintenance and VPN software, as a way of sneaking ransomware into the system. The federal authority confirms a general trend amongst ransomware attacks towards targeted efforts aimed at financially healthy victims. In addition to companies boasting a high turnover, public sector institutions and universities in particular came under attack, as well as medical facilities such as hospitals, the report reveals.

On the coronavirus crisis bandwagon

Organized cyber criminals, of course, sought to exploit the coronavirus crisis. This is shown, the BSI report goes on to say, in a range of attacks that tried to profit from the COVID-19 pandemic. The authority observed phishing campaigns, CEO fraud and scams using IT resources. The coronavirus crisis has indeed provided a boost for digitalization in Germany, but it remains essential to ensure that these efforts are not only sustainable, but also secure.

The full BSI report, almost 90 pages long and including a lot of other interesting information, can be downloaded for free as a PDF.

The Email Security service that forms part of Retarus’ Secure Email Platform protects company inboxes against malware, phishing and advanced threats such as “CEO fraud” – even after the emails have been delivered and their contents or attachments are only identified as harmful at a later time (postdelivery protection). Retarus Email Continuity, on the other hand, throws you a lifeline when your own email infrastructure has been put out of action by ransomware or some other unforeseen event. You can find out more about this topic on our website or directly from your local Retarus representative.
