BSI situation report on cyber security 2021: Threat situation tense to critical
by Svenja Koch
"We are on red alert in the area of information security."
With the BSI Situation Report 2021, the Federal Office for Information Security makes it clear that the cyber threat situation remains tense.
BSI President Arne Schönbohm puts it plainly: "In the area of information security, we have a red alert - at least in some areas." Cyber attacks on hospitals, paralysed supply chains and digital protection racketeering are encountering serious vulnerabilities in available IT products. For example, a dangerous security vulnerability was recently found in Microsoft Exchange, and it was present on 98% - or pretty much all - of the systems tested. At the beginning of the year, the BSI had to note the highest value of new malware ever measured - and around 553,000 new malware variants that enter circulation every day. In the reporting period, the BSI counted a staggering 144 million (!) new malware variants, which corresponds to an increase of 22% compared to the same period last year. Arne Schönbohm is rightly alarmed - especially since a further increase in the numbers is almost certain as digitisation progresses.
The cyber threat situation is dominated by cybercriminal extortion methods
The BSI sees a "trend" that was already noticeable in 2020 and that has intensified again in 2021 in the area of cybercriminal extortion. The inventiveness of cybercriminals in terms of protection money, hush money and ransom knows hardly any bounds:
- In autumn 2020, cybercriminals began a global campaign of extorting protection money from their victims under the threat of DDoS attacks.
- At the same time, in autumn and winter 2020, a global wave of attacks began with the Emotet malware, which has achieved dubious notoriety. The attacks extorted ransoms on a large scale.
- A new attack strategy targeted companies that wanted to protect themselves with regular backups against ransomware and possible encryption of their data by cybercriminals. The cybercriminals copied the data before encrypting it and threatened their victims with publishing the captured data - unless appropriate hush money was paid.
- Spam campaigns also jumped on the blackmail bandwagon. In the spam emails, the cybercriminals pretended to have tapped the victims' data and threatened to publish it. The data was never in the hands of the cybercriminals, but the threat was enough to persuade many victims to pay hush money.
Outsourcing and threatening ingenuity endanger cyber security 2021
Under the term proliferation, the BSI records the spread of cybercriminal methods, technologies and know-how between different hacker groups. What is known in the private sector as outsourcing, namely a division of labour in which individual components of a task are handed to others, is also becoming increasingly popular among cybercriminals. Cybercrime-as-a-service is the "business model" of the year here. Hacker groups specialising in certain techniques take on parts of a complex cyber attack as contract work, while other groups publish stolen data on specially set up leak sites. The leaked data, in turn, can be conveniently bought by other attackers and used for new cyber attacks. The cyber threat situation in 2021 is unfortunately characterised by increasingly sophisticated business models of cyber criminals.
Four sensational cyber attacks from the BSI Situation Report 2021
Among the countless cyberattacks that took place in 2020/2021, four cases stood out in particular. The BSI lists these four cyberattacks in detail in the 2021 Situation Report.
Cyber attack on a hospital
In autumn 2020, a university hospital in NRW came into the crosshairs of cybercriminals. The hospital treats around 50,000 inpatients annually and is listed as "critical infrastructure" by the BSI. On 10 September 2020, it was reported that the university hospital had fallen victim to a ransomware attack. The attackers exploited a vulnerability in the Citrix NetScaler gateway - a network product that is used at the hospital for remote access, among other things. The university hospital reacted immediately, disconnected the internet connection and shut down most of the Windows servers in use. After the blackmailers sent a letter, it became clear that the attack was not aimed directly at the hospital, but was actually focused on the university. After the investigating authorities alerted the cybercriminals to this fact, the digital key for restoring the data and IT systems was handed over.
Passport data theft
In August 2020, the Argentine Immigration Service was the victim of a ransomware attack. A hacking group called NetWalker claimed responsibility for the cyberattack, in which passport data of around 100,000 people was captured. For the release of the personal data, the cybercriminals demanded a ransom of four million dollars. The immigration authorities did not comply with this demand. A week later, the data was uploaded to a website and the link including the password to the website was published on the Darknet.
Attack on pipeline operator
The US pipeline operator Colonial Pipeline Company operates the largest refined products pipeline system in the US. In May 2020, the company's administration was the target of a cyberattack using the Darkside ransomware. Darkside is a ransomware-as-a-service product and was considered one of the most advanced ransomware variants in 2020. As a result of the attack, Colonial Pipeline Company had to shut down the management network and suspended pipeline operations purely as a precaution. This caused regional shortages and hoarding in some parts of the US. After the attack, the operators of the RaaS offering Darkside announced that the attack had been carried out by an affiliate and that the extent of the damage had not been intended.
Ransomware attack on media group
Shortly before Christmas 2020, a major German media group had to deal with a ransomware attack. The cyber attack paralysed internal processes so that print and online media could no longer be provided in full. The attackers, known as Doppel Spider, relied on double extortion, a combination of encryption and the publication of data stolen in advance. Even though the media group made efforts to quickly restore its systems, the media offering could not be fully delivered again until the end of January 2021.
Cybersecurity 2021 is also massively affected by phishing
Phishing is by no means a new form of cybercrime - but the mass harvesting of data via fake links or SMS (smishing) occupies a prominent place in the BSI Situation Report 2021. The theft of identity data through harmful scripts, complex malware or social engineering (or a combination of different approaches in an attack) is putting online retailers and banks under massive pressure. The BSI situation report lists the coronavirus pandemic as having a "significant impact on the threat situation in the area of identity data". Due to the "physical distance" that has become necessary since Covid-19, trust in digital identity has become increasingly important. Cyber attacks on personal data "also influence trust in digitalisation itself", according to the BSI situation report.
Advanced Persistent Threats
Highly professional attacks on selected targets planned with great effort - Advanced Persistent Threats (APTs) are clearly different from other cyber threat situations. APTs do not focus on criminal, financial gains, but rather on information gathering, espionage or sabotage. Attackers target governments, defence companies or NGOs and provoke technical, political, economic or strategic incidents.
Cyber security 2021 at a glance
- Ransomware and DDoS are on trend: 360% more data leak sites than last year
- 144 million new malware variants in circulation: +22% year-on-year
- Around 394,000 new malware variants per day
- Twice as many bot infections of German systems as last year
- 98% of all systems checked are vulnerable to MS Exchange vulnerabilities
- 14.8 million reports of malware infections were sent by the BSI to German network operators, a doubling compared to the same period last year
- 44,000 mails with malware are intercepted in German government networks per month
- 74,000 websites are blocked by the web filters of the government networks because of malware they contain
- Every fourth citizen has already been a victim of cybercrime
The BSI Situation Report 2021 clearly shows that the cyber threat situation must be considered extremely critical. More cyber attacks than ever before, highly professional hackers and criminal services such as RaaS meet massive security gaps and a still too careless population. Cybersecurity 2021 is threatened above all by ransomware. Blackmail, protection money, hush money: it seems that the "most popular" methods of classic criminals are transported almost 1:1 into the digital world. While the average citizen has to deal with phishing, smishing and other identity theft, governments and NGOs suffer from APTs - espionage, sabotage and theft of the most sensitive corporate data by highly professional hacker groups.
One thing is clear from the BSI Situation Report 2021. The relevance of professional cyber defence has once again increased significantly. In addition to increased reactive security through appropriate security software, trained cyber security experts and round-the-clock monitoring of one's own networks, the tense cyber threat situation can also be countered with active cyber security. Specialised service providers such as secion make it possible to actively combat cyber attacks - around the clock and 365 days a year.