Last year in Germany we saw the COVID-19 pandemic exacerbate existing cyber security concerns. Has this trend continued, and what else has been happening in Germany? Based on the last 12 months, these are the cyber security trends we expect to be prevalent in 2022.
Germany’s top cyber security trends for 2022
Cyber attacks in the ongoing pandemic situation
Last year we noted that cyber attackers were taking advantage of increasingly digital German companies, who had to transform in order to continue operating during pandemic lockdowns.
This has continued on through 2021, with the German Federal Office for Information Security’s (BSI) Die Lage der IT-Sicherheit in Deutschland 2021 report noting that cyber criminals had used a variety of tactics to abuse the poor security among many rapidly digitised businesses. Such tactics included:
- Using stolen data to gain unauthorized access to web conference meetings in order to spy on them, or sabotage them.
- Building fake websites to exploit panic. The BSI found websites pretending to sell protective equipment, as well as websites set up to look like they were offering economic aid. Attackers could then use the details submitted to those sites to apply for funding on behalf of the company and take the money for themselves, or they could just sell the data.
- Focusing attacks on the healthcare sector. There were a number of attacks on healthcare organisations throughout 2021, including the European Medicines Agency, a German company manufacturing COVID-19 antigen tests, and at least two French hospitals (both of which were paralyzed by ransomware).
- Exploiting the ‘bring your own device’ nature of rapidly digitally transformed organizations. Through social engineering and phishing, attackers were able to gain a foothold in personal employee devices, which the employee would then use to access their company network – giving said attackers an easier route to infect the company’s IT systems.
Ransomware grows more prolific
Ransomware is now one of the most prolific forms of malware on the web. According to the Kaspersky Security Bulletin 2020-21, nearly 57,000 unique users were struck by malware during that reporting period, of which over 12,300 were from major organizations.
Big game hunting
Why are so many huge companies under attack, rather than small companies? It’s due to a trend called ‘big game hunting’ – where attackers target very large organizations from which they can extort the largest possible ransom. Criminals look for high-value targets through publicly available financial information, and choose companies that they think can afford the biggest ransoms.
How are attackers getting in?
The usual methods are still common – phishing via spam emails, for example. But attackers have found that they can also manipulate weak points in remote maintenance and VPN access. Whenever these are compromised, it gives attackers quite extensive access to the system. And they’re taking their time initiating attacks, too, scouting the network and spear phishing for specific victims before making their move.
Learn more: “The most common cyber attack vectors of 2021“
Rise of cyber-crime-as-a-service
Since 2020, there has been a sharp rise in the number of groups offering malware as a SaaS product. Ransomware-as-a-service (RaaS) is one of the most common, where would-be attackers purchase ransomware from an organized group, as well as the use of its payment and distribution infrastructures and back-office services. Some RaaS groups even offer customer service for victims, to help them pay.
According to the BSI, RaaS allows attackers to conduct effective extortion operations at a lower cost – they don’t even need the technical skills to develop the malware, or any of its components. In exchange, a percentage of their extorted earnings go back to the group (BSI says this is usually less than 50%).
Top threats to German companies, in numbers
In 2021, the BSI discovered 144 million new malware variants, which is 20% more than last year. That’s 394,000 per day.
In addition:
- 71% of German cyber security professionals said attacks increased due to employees working remotely (VMware).
- Ransomware alone caused 18% of security breaches in the past 12 months (VMware).
- 70% of EU internet users experienced at least one malware attack in 2020/21 (Kaspersky).
- 40% of Kaspersky users in the EU encountered at least one phishing attack in 2020/21 (Kaspersky).
- The BSI intercepted an average 44,000 malicious emails to government networks per month last year (BSI).
- There were twice as many bot infections per day in German systems last year than the year prior, 20,000 rising to 40,000 (BSI).
What should your company focus on?
1. Raise cyber awareness throughout the business
Human error is one of the biggest security vulnerabilities for any business. Phishing, social engineering, credential harvesting, all of these attack vectors take advantage of people. So, your people must know what to look for and how to keep safe online.
Try to raise the basic level of cyber security understanding in your business. Host workshops and education sessions on a regular basis to teach the basics, and incorporate cyber awareness into everyday life – giving shout outs to people who are doing well, and send out occasional tips and reminders about, for example, changing passwords, or how to spot spoofed websites.
2. Invest in backups
Ransomware works because it locks access to important files, or entire systems. If a company can’t get access to those files, it cannot operate as a business. This can be hugely damaging.
If you were to back up your system regularly, however, you could theoretically reinstigate the backed up version of your files in the event of a ransomware attack. You would lose only the data that was gathered between creating the backup and now. This may be weeks’, or just days’ worth of information.
Just remember, though – your backup has to be safe from attackers. We recommend housing backups in an entirely separate network to your main system, so any malware cannot cross over into the backup and infect that too.
3. Manage the risk of your third parties
In the global digital supply chain, your partners and vendors could leave your business vulnerable. As companies increasingly deploy apps and tools developed by other companies, you may find that your organization becomes beholden to someone else’s cyber security.
It’s of critical importance these days that you review all vendors and partners from a security perspective from the very beginning of the relationship – before signing the contract, even. Involve your security experts in the research and negotiation phases, and try to keep a diverse set of vendors – so that you spread the risk, and don’t rely entirely on one brand.
Learn more: “Are you reviewing third parties for security risks?”
Worried about going it alone? We can help
Cyber security is, unfortunately, a problem that is only getting worse. We know it can feel like a lot to try and figure out how to tackle it all on your own, but you don’t have to.
Here at dig8ital, we know what it takes to improve a company’s security posture, and to build better policies and procedures from the ground up – tailored to each of our unique clients’ own needs.
So what can we do for you? Contact us for a free maturity consultation and let’s talk about what you require.
