BSI status report: Threats in cyberspace greater than ever

Cyber ​​criminals and state actors are endangering the security of Germans in cyberspace more than ever before.

This emerges from the current situation report of the Federal Office for Information Security (BSI), which was published on Tuesday in Berlin.

In addition to the criminal actions, behind which there are primarily financial motives, the authority identifies cyber attacks in the context of the Russian attack on Ukraine as the cause of the high threat.

In many cases, complaints were made about the inadequate quality of IT and software products.

According to the BSI, the greatest risk for private users is currently so-called identity theft, blackmail with compromising photos (“sextortion”) and fake shops on the Internet where you pay online but never receive the goods.

In identity theft, criminals use other people's personal data to open online accounts, conclude contracts or order goods and services, for example.

Those affected usually only find out when money is debited from them or bills flutter into the house.

Delay due to the release of BSI boss Schönbohm

The BSI status report was supposed to be presented about two weeks ago.

However, the appointment was canceled at short notice because the BSI boss at the time, Arne Schönbohm, had fallen out of favor with Federal Interior Minister Nancy Faeser (SPD).

The top official was then released by the minister a week later.

A successor has not yet been determined.

Before anyone can be named, the disciplinary proceedings that Schönbohm had asked for must first be awaited.

The previous BSI boss is accused of continued contacts with the German Cyber ​​Security Council (CSRD eV), which he co-founded and which is accused of having problematic contacts with Russia in parts.

Faeser said on Tuesday that the cyber threat situation, which has increased since the Russian war of aggression in Ukraine, requires a strategic realignment and significant investments in Germany's cyber security.

"The modernization of our cyber security architecture with the expansion of the BSI into a central office, the further expansion and renewal of administrative networks and IT systems, the strengthening of the security authorities for the prosecution of cybercrime and the improvement of the defense capabilities against cyber attacks are important and necessary steps for a closely interlinked federal cyber defense and an effective and efficient positioning in cyberspace.”

Ransomware attacks are currently the biggest threat

Every vulnerability in software or hardware products is a potential gateway for attackers and endangers information security in administration, business and society.

In 2021, over 20,000 vulnerabilities in software products were discovered and recorded.

This corresponds to an increase of ten percent compared to the previous year.

The Vice President of the BSI, Gerhard Schabhüser, explained that ransomware attacks are currently the greatest threat in the cyber sector.

This refers to cyber attacks on companies, universities and authorities with the aim of extorting ransom.

In the reporting period, there were several ransomware incidents in which municipalities in Germany were attacked.

The domestic policy spokesman for the FDP parliamentary group, Manuel Höferlin, said: "Regardless of the personnel debates, the BSI must be expanded to become the central office in cyber security policy and become more independent." The BSI must set up effective vulnerability management in order to consistently close security gaps.

"In addition, all government agencies must be obliged to report security gaps known to them to the BSI and to undergo regular external reviews of their IT systems." The coalition will create a "secure legal framework" for this.