Threat Landscape 2024 – Cybercrime at Record Levels in Germany

“The situation is concerning” – with these words, the BSI describes Germany’s IT security situation year after year.

What sounds dramatic can be backed up by numbers: Hundreds of thousands of new malware programs appear daily, exploiting vulnerabilities. In this article, we paint a picture of the current threat landscape: What developments are being observed, what does this mean for businesses – and where might there even be some silver linings?

Alarming Cybersecurity Statistics

The current BSI Situation Report 2024 delivers alarming figures. During the reporting period, an average of 309,000 new malware variants were registered daily – an all-time high. For comparison: last year’s figure was already high but somewhat lower; the curve continues to rise steeply.

This means the industrial production of malware is running at full capacity. Behind these numbers are often criminal gangs offering malware toolkits (malware-as-a-service). This allows even less technically skilled criminals to launch highly complex attacks.

Professionalization of Cyberattacks

Another phenomenon is the professionalization of attackers. The BSI observes that cybercriminals are increasingly operating in a structured, business-like manner. Extortion with stolen data, for example, has developed into a lucrative mass model: data is stolen to demand ransom – and if payment is refused, publication is threatened (so-called double extortion).

Ransomware thus remains one of the biggest threats; last year the number of known ransomware victims increased by 77%. According to the BSI, targets include not only large companies but also SMEs and public institutions, often due to their lower security measures.

Explosive Increase in Security Vulnerabilities

The number of discovered vulnerabilities in software is also steadily increasing. In 2023, there were around 78 new vulnerabilities per day, an increase of 14% compared to 2022. Among these are explosive “zero-day” vulnerabilities that manufacturers must first patch while attackers are already exploiting them. This demonstrates the need for fast update processes in companies.

New Attack Vectors Through Digitalization and AI

Advancing digitalization also creates new attack surfaces. Examples include attacks on home office workplaces or video conferencing systems. Hackers often use social methods (e.g., phishing) to penetrate less protected home networks and then access company data from there.

AI technologies also play a role: cybercriminals are experimenting with AI tools to produce convincingly real deepfake voice messages (imagine the “boss” calls and asks for a bank transfer – except it’s not the boss at all, but an AI voice).

Silver Linings: Successes in the Fight Against Cybercrime

Amid all the negative headlines, there are also silver linings. Authorities are reporting successes in international cooperation. Large botnets have been dismantled, and some ransomware groups have been taken down by law enforcement.

Additionally, security awareness is growing in business and politics. Investments in cybersecurity are increasing, and many companies are improving their resilience – for example through emergency plans and cyber insurance. The BSI president and interior minister emphasize that resilience against attacks is gradually improving, which is absolutely necessary.

Overall, the threat landscape is serious: higher and more diverse than ever.

Practical Tip: Stay informed. Read the annual BSI Situation Report, for example (available free at bsi.bund.de). Understanding the general landscape helps better assess the relevance for your own company and recognize the need for action. Following the motto: no panic, but stay vigilant and be prepared.