What the BKA statistics record is only “the tip of the iceberg” – but even that is considerable: the BKA registered 136,865 cases of cybercrime in 2022. Blackmail with ransomware in particular could be “existentially threatening”.
The number of criminal cyber attacks in Germany remains at a high level. According to the Federal Criminal Police Office (BKA), 136,865 such cases were registered last year. That was a drop of 6.5 percent compared to the previous year, but the BKA expressly sees no sign of a trend reversal. Because the total number of cases was again more than 130,000 – a value that, according to the BKA, was reached for the first time in 2020 in the wake of the corona pandemic.
In addition, the figures from the domestic crime statistics only show “the tip of the iceberg”, emphasized BKA Vice President Martina Link when presenting the Federal Situation Report Cybercrime 2022. On the one hand, the BKA estimates the number of unreported cases to be up to 90 percent – that is, out of ten cases of cybercrime, only one is actually reported. On the other hand, according to the Federal Criminal Police Office, no attacks are recorded in the statistics that were carried out by perpetrators abroad. Experts assume that attacks from Russia or pro-Russian actors in particular have increased significantly.
Financial damage “often existence-threatening”
“Therefore, there can be no talk of an all-clear in the area of cybercrime,” said BKA Deputy Head Link. The financial damage is “enormous” and “often life-threatening”. The German digital industry association Bitkom has prepared a study and puts the damage last year at 203 billion euros – around twice as much as in 2019.
Various forms of attacks on the IT infrastructure of companies, authorities or other institutions are referred to as criminal cyber attacks, in which attempts are made, for example, to steal data or paralyze computers. This form of crime has long been an international illegal industry with a highly specialized division of labor, said Link.
phishing remains main gateway
The most damaging are blackmails from companies with ransomware. Whole databases and IT systems are paralyzed with malware and the companies are blackmailed with it. The BKA referred to a global study by the cybersecurity company Coveware, according to which 41 percent of the companies affected paid a ransom. Bitkom President Ralf Wintergerst warned that the key offered by the blackmailers for the solution often does not work.
According to the Federal Criminal Police Office’s situation report, phishing is still the main gateway for malware, which then enables ransomware attacks, among other things. Phishing is the sending of emails with infected attachments or links.
GdP: responsibilities between the federal and state governments
BKA and Bitkom promoted additional investments in IT security and for trusting cooperation between companies and security authorities. According to Bitkom boss Wintergerst, the authorities need detailed information from the companies in order to understand how the perpetrators acted and what weaknesses they exploit. At the same time, the authorities would have to be able to react quickly.
The police union (GdP) called for more staff and clearer responsibilities between the state police and the federal authorities. GdP boss Jochen Kopelke called on Federal Minister of the Interior Nancy Faeser to quickly discuss the relevant KRITIS law with the federal states and to remove duplicate structures.