Billions in damage: BSI sees major threat from cybercrime



As President, Claudia Plattner presented the BSI’s situation report on cybersecurity in Germany for the first time. Her sober assessment: “worrying”.

The threat from cybercriminals has increased significantly in Germany and could grow even further through the misuse of AI language models such as ChatGPT. This is the conclusion reached by the Federal Office for Information Security (BSI) in its current situation report, which covers the period from June 1, 2022 to June 30 of this year. “Overall, the situation in the current reporting period was tense to critical,” says the authority.

An average of 68 new vulnerabilities in software products were registered every day – around 24 percent more than in the previous year, according to the report, which was presented in Berlin. For example, cyber extortionists exploited two vulnerabilities in file sharing products to access data from numerous users at home and abroad and then threaten to publish it.

Artificial intelligence as a risk

The BSI warns that the use of artificial intelligence (AI) not only presents opportunities, but also risks, for example if data used to train the AI is manipulated. This could, for example, be done with the aim of triggering disinformation campaigns and thus influencing public opinion. The use of AI in programming could also contribute to a proliferation of vulnerabilities. In addition, large AI language models represent a weak point in themselves “due to their black box character,” warns the Federal Office.

For systems in which the output of AI language models is converted into actions, it is important that these systems can only act under human control. To ensure this, confirmation prompts should be built in, such as “Do you really want to transmit this personal data to provider XY/to the cloud storage?” or “Buy/book now for a fee?”.

Hackers choose victims based on “rational cost-benefit calculation”

The BSI has been noticing for some time now that criminal hackers are increasingly choosing the path of least resistance and selecting victims who appear to them to be easy to attack. “The focus was no longer on maximizing the potential ransom money, but rather on the rational cost-benefit calculation,” the report says. Small and medium-sized companies, state and local governments as well as schools and universities are increasingly falling victim to so-called ransomware attacks.

Ransomware is when attackers exploit poor data security or other errors to infiltrate systems and encrypt data. The blackmailers then demand a ransom for the decryption. Since 2021, the BSI has observed that ransomware attackers are increasingly putting their victims under pressure by publishing stolen data on so-called leak sites.

Competitive pressure in cybercriminal services

As more and more cybercriminals use the “services” of other criminals for their attacks, competitive pressure has grown between the providers of this “crime-as-a-service” model. According to the BSI, this competition between cybercriminal groups maximizes the pressure on affected victims.

“States and municipalities must finally strengthen the cyber resilience of public administration and be obliged to implement risk-adequate cybersecurity measures,” demanded Iris Plöger, member of the executive board of the Federation of German Industries (BDI). Otherwise, the digital and green transformation risks being slowed down by cyber attacks.

At least the BSI has some reasonably good news. Regarding the feared hacker attacks by pro-Russian actors after the start of the war, the report states: “In the context of the Russian war of aggression against Ukraine, there was a threat primarily from pro-Russian hacktivism attacks, which, however, did not cause any lasting damage and are more likely to be seen as propaganda tools.” Federal Interior Minister Nancy Faeser (SPD) also called on citizens to report hate posts on the Internet.

Immense damage caused by cybercrime

According to a study by the digital industry association Bitkom, cybercrime recently caused more than 200 billion euros in damage to the German economy every year. If you look at this sum in relation to the federal budget for this year of around 476 billion, the dimension of the problem becomes clear, said BSI President Claudia Plattner. This makes it all the more important to finally implement the plans for a central office function of the Federal Office, demanded the head of the authority, who took up her post at the beginning of July.

Faeser emphasized that she is in the process of winning the states over to this planned reform. There were initially concerns, especially in some larger federal states. However, she is optimistic that an agreement will be reached, which will then also be approved by the Federal Council.

Faeser was accused of having relieved former BSI President Arne Schönbohm of his duties in autumn 2022 without good reason. Jan Böhmermann’s satirical show “ZDF Magazin Royale” had previously discussed Schönbohm’s closeness to a club that had come under criticism for alleged contacts with Russian secret services.

dpa
