Federal Cybercrime Report: Fuse burning, fire often lit elsewhere

The Federal Criminal Police Office (BKA) is not giving the all-clear on the cyber front. The cybercrime offenses recorded by the authority remain at the "high level" that has been observed for years, according to the Federal Cybercrime Situation Report 2023 published on Monday. This is particularly evident with regard to crimes against the internet, other communication networks, IT systems and data that cause damage in Germany but are committed from abroad or from an unknown location. The number of these so-called foreign crimes has risen continuously since they were recorded in 2020 - by 28% in 2023 compared to the previous year.

The BKA only provides an index value for such cybercrime offenses in the report. Absolute figures are to be published for the first time for the 2024 reporting year in coordination with the federal states. However, the authority has already announced that the number of international offenses once again exceeds the number of domestic offenses in which Germany is the "place of action and damage". The total of the latter fell slightly by 1.8% to 134,407 cases compared to 2022. Computer fraud accounted for 82 percent of these cases. This is followed by forgery and deception with data as well as spying on data and data theft with 8% each. The domestic detection rate has risen slightly to 32%. In the previous year, it was around 29%.

According to the industry association Bitkom, the German economy now suffers losses of 206 billion euros per year due to the theft of IT equipment and data as well as digital and analog industrial espionage and sabotage. Around three quarters (72 percent) of all companies in Germany are affected by this. Pure cyber attacks now account for 148 billion euros, or 72%, of this figure. In 2021, the proportion was still 59 percent. 48% of companies in Germany feared that a successful cyberattack could threaten their existence.

Takedowns of infrastructure as a countermeasure

The BKA once again cites phishing as a frequently used gateway. Cyber crooks often rely on "time-critical or emotionalizing content" to exert pressure on recipients and entice them into activities such as opening attachments. The authority also describes "initial access brokers", which provide other criminals with access to IT systems, as important entry vectors. They are an example of offers from the "underground economy" based on the division of labor, which now offers its criminal services on an industrial scale according to the cybercrime as a service model. In this context, previously unknown zero-day vulnerabilities and specific malware variants should also be highlighted.

Overall, according to the situation report, the high threat level in 2023 was characterized by hacktivist DDoS campaigns and a large number of ransomware attacks, some of which had far-reaching effects on IT supply chains. This time, the BKA lists LockBit, Phobos, BlackBasta, Akira and BlackCat as the top 5 ransomware Trojans. Artificial intelligence (AI) could act as a catalyst in the cybercrime sector and trigger an enormous increase. However, the same capabilities are also able to help strengthen IT security, for example by detecting phishing, malware and attempted attacks at an early stage.

According to the report, the often loosely connected perpetrators are "not only distributed worldwide in the area of ransomware". They are also "often located in countries where they are tolerated or even protected". Police measures against the infrastructure used by the perpetrators and accessible to law enforcement authorities therefore form "an effective strategy for countering cybercrime in a more sustainable way" alongside personnel investigations. BKA President Holger Münch referred in particular to the successful access to the server infrastructure of the Bitcoin mixer Chipmixer, which deprived the underground economy of 90 million euros.

Constant hunt for powers

In some cases, the BKA was unable to implement measures as the police forces of the federal states were primarily responsible, Münch complained. In future, responsibility for combating serious cyber threats should lie with the federal government. He also appealed to companies and citizens to report cyber crimes. So far, this has not happened in over 90 percent of cases.

Claudia Plattner, President of the Federal Office for Information Security (BSI), compared ransomware families to an attacker placing a stick of dynamite in a warehouse in a "super simplistic" way. The fuse reaches "very far", in some cases "as far as Russia". If a command center for this type of malware is destroyed, the pursuers are effectively breaking the match. The local emergency center CERT-Bund notifies up to 20,000 affected victims per day in Germany alone, and 400,000 worldwide, who all have to take their servers offline to cut the fuse. Countermeasures such as patching, authentication, backups and prevention are generally necessary.

Federal Minister of the Interior Nancy Faeser (SPD) took the opportunity to once again promote the retention of IP addresses, particularly in the fight against child sexual abuse. However, the situation report does not refer to "cybercrime in the broader sense", which according to the BKA includes grooming "or the distribution of child pornography". IT security expert Manuel Atug sees the security authorities and politicians as being caught up in the "eternal conflict" of demanding more and more powers to hunt down criminals instead of really defensively securing Germany and IT systems and consistently closing vulnerabilities. The industry's call for regulation also shows that the otherwise constantly preached self-regulation is failing and that companies are doing far too little for IT security on their own initiative.

(akn)