In February this year, Germany's technical cyber defense recorded the highest number of new malware variants ever measured.

An average of 553,000 new computer viruses, Trojans and attack tools were added every day.

A total of 144 million new malware variants were counted between summer 2020 and summer this year - an increase of more than a fifth within one year.

The Federal Office for Information Security (BSI) is therefore sounding the alarm: The IT security situation in Germany is "tense to critical", it said in its annual report presented on Thursday - instead of just "tense" as it was called last year would have.

In some areas there is already a “red alert”, said BSI President Arne Schönbohm.

The reasons for the aggravation of the situation are the clear professionalization of cyber criminals, the increased occurrence of serious weaknesses in widespread IT products - and the increasing digital networking, which provides industry and public administration with many advantages, but also makes them vulnerable.

Methods that used to only be used by spies

According to the BSI, criminals now use very complex, multi-stage attack strategies that were previously only used in cyber espionage. One method: a criminal hacker encrypts data on a victim's system - and then, while negotiating a ransom with the victim, simultaneously starts an overload attack on the fallback system that the victim uses to continue his business activities. Or the perpetrator publishes captured data on so-called leak pages in order to put the victim under even more pressure.

The number of such sites, on which stolen data is offered to the public and other attackers, increased by 360 percent during the reporting period. Some attackers also reach out to customers or partners of the victim to increase the pressure. As an example, the BSI cited the case of a psychotherapeutic practice, where not only the practice owners but also their patients were blackmailed. In this context, the authority warns all those affected to report attacks as quickly as possible in order to avoid further damage.

A large number of attacks were also recorded between January and May in which blackmailers pretended to have video material of the victim allegedly showing them while visiting a website with pornographic content. The threat: If the victim does not pay a four-digit amount in Bitcoin, the compromising video will be sent to all of his contacts.

For those affected, such incidents are not only extremely unpleasant, in the corporate context they also cost a lot of money: In 86 percent of German companies, cyber attacks have recently caused damage, explained Susanne Dehmel from the management of the digital association Bitkom. The damage caused by extortion and the failure of systems have increased by 358 percent since 2019. The BSI therefore makes a clear demand: "Information security must be given a much higher priority and become the basis of all digitization projects," says the report.

In order to bundle the digitization activities on the state side and link them with IT security, the establishment of a digital ministry therefore makes sense.

Still-Federal Minister of the Interior Horst Seehofer (CSU), whose house has so far been responsible for the BSI and partly also for the digitization of the administration, did not want to express an opinion on Thursday.

To the address of the future coalition partners, he only says that “general security cannot be separated from cybersecurity”.