Threat Landscape 2024 – Cybercrime at Record High in Germany

"The situation is concerning" – with these words, the BSI describes the IT security situation in Germany year after year. What sounds dramatic can be substantiated with numbers: hundreds of thousands of new malicious programs appear daily, exploiting vulnerabilities. In this article, we paint a picture of the current threat landscape: what developments can be observed, what does this mean for companies – and where might there also be bright spots?

Alarming Cybersecurity Metrics

The current BSI situation report 2024 provides alarming key figures. In the observation period, an average of 309,000 new malware variants were registered daily – an all-time high. For comparison: last year this value was already high, but somewhat lower; the curve continues to rise steeply.

This means the industrial production of malware is running at full speed. Behind these numbers are often criminal gangs offering malware construction kits (Malware-as-a-Service). This allows even less skilled criminals to launch highly complex attacks.

Professionalization of Cyberattacks

Another phenomenon is the professionalization of attackers. The BSI observes that cybercriminals increasingly proceed in a division-of-labor and business-like manner. Extortion with stolen data, for example, has developed into a lucrative mass model: data is stolen to demand ransom – and if not paid, publication is threatened (so-called double extortion).

Ransomware thus remains one of the biggest threats; last year the number of known ransomware victims increased by 77%. According to the BSI, particularly in the crosshairs are not only large companies but also SMEs and public institutions, often due to their lower protective measures.

Explosive Increase in Security Vulnerabilities

The number of discovered security vulnerabilities in software is also steadily increasing. In 2023, there were around 78 new vulnerabilities per day, an increase of 14% compared to 2022. Among them are critical "zero-day" vulnerabilities that manufacturers must first fix while attackers are already exploiting them. This shows the necessity for quick update processes in companies.

New Attack Vectors Through Digitalization and AI

Progressive digitalization also creates new attack surfaces. Examples include attacks on home office workplaces or video conferencing systems. Here, hackers often use social methods (e.g., phishing) to penetrate less protected home networks and access company data from there.

AI technologies also play a role: cybercriminals experiment with AI tools to produce, for example, deceptively real deepfake voice messages (imagine the "boss" calling and asking for a transfer – only it's not the boss at all, but an AI voice).

Bright Spots: Successes in the Fight Against Cybercrime

Despite all the negative headlines, there are also bright spots. Authorities record successes in international cooperation. Large botnets could be dismantled, and some ransomware groups were taken down by law enforcement.

Moreover, security awareness in business and politics is rising. Investments in cybersecurity are growing, and many companies are increasing their resilience – for example, through emergency plans and cyber insurance. BSI President and Interior Minister emphasize that resilience against attacks is gradually increasing, which is absolutely necessary.

In summary, the threat landscape is serious: as high and diverse as never before.

Practice Tip: Stay informed. Read, for example, the annual BSI situation report (available free at bsi.bund.de) or subscribe to warnings from the Alliance for Cyber Security. Understanding the general situation helps to better assess the relevance for your own company and recognize the need for action. Following the motto: no panic, but stay vigilant and be prepared.