November 2, 2022

Key Findings from the 2021 State of IT Security in Germany

  • Cybersecurity

The Federal Office for Information Security (BSI) is Germany’s federal-level cybersecurity agency. The BSI is tasked with protecting the country’s federal administration and critical infrastructure from cyber-attacks. In addition, it monitors the national and internal cybersecurity risk landscape, and provides information security, security application development, and IT system certification services to government authorities, organizations, and citizens.


Since 2005, the BSI has published an annual report titled Die Lage der IT-Sicherheit in Deutschland detailing the state of IT security in Germany. In the 2021 State of IT Security report, the BSI provides a comprehensive overview of the cyberspace threats and events that affected Germany between June 2020 and May 2021. This article explores some of the major findings from this report. Thanks for reading!

Malware and Ransomware Threats Have Increased

In 2019 and 2020, the Emotet malware dominated Germany’s digital environment, more so because it enabled a cascade of other malware attacks and targeted ransomware incursions on hand-picked victims. Emotet is no longer such a big threat in Germany because its infrastructure was successfully dismantled in January 2021. Nonetheless, other malware threats have emerged to replace Emotet, along with new attack methods and tools that continue to endanger Germany.

The 2021 report states that attackers have accelerated their production of new malware variants. In 2020, an average of 322,000 new variants a day were identified. This number zoomed up to 394,000 variants per day in 2021. In some months, the number was even higher. For example, in February, the BSI detected 553,000 new malware variants per day – a new record in its 16-year history.

What’s even more worrying is that the number of new malware variants increased by a whopping 144 million, 22% more than the 117.4 million new variants that were discovered in 2020. The BSI warns that although detection methods are available for known variants, new variants are often unidentifiable as malware, which is why they are a particularly dangerous cyber-threat. These findings are just one reason why the BSI describes Germany’s overall IT security situation as “serious to critical”.

Cyber extortion with ransomware now focuses on “big game” hunting

In the reporting period, the BSI observed that many ransomware attacker groups focus on targets from whom they could demand the highest possible ransoms. While hunting such “big game” targets, the adversaries first determine the most appropriate and highest possible amount they could extort from them, based on their analyses of victims’ financial worth. And to conduct such analyses, they typically use publicly-available information, such as company size or financial statements.

According to the BSI, businesses and institutions with large-scale IT infrastructure are particularly at risk of ransomware attacks due to vulnerabilities in remote administration and VPN gateways.

In addition to big game hunting, the BSI says that many attackers are also leveraging ransomware for new types of cyber extortion attempts. In these attempts, they don’t just encrypt the victim’s data, but also ex-filtrate it beforehand. Encryption allows them to demand huge ransoms while ex-filtration gives them the ability to threaten the victim with data destruction and disclosure. More and more attackers are also using ransomware attacks to conceal other attacks and to perpetrate large-scale campaigns against multiple victims.

Cybercriminals have become smarter and more resourceful

BSI found that in 2021, more cyber-criminals encrypted the data of businesses and organizations in complex, multi-stage attacks. They also honed their attack strategies and have become very resourceful, particularly when negotiating with victims for ransom payments.

For example, smart attackers exert additional pressure on victims by contacting their customers, partners, and employees. By threatening these parties with the exposure of their personal data, the attacker tries to draw public attention to the victim’s inability to protect this data. This not only damages the victim’s reputation, but also makes it more likely that they would end up paying ‘hush money’ to the attacker.

Some attackers also resort to ‘double extortion’ to generate additional profit from the ex-filtrated data. This is where they not only extort the victim, but also sell the data on the black market. Others resort to additional DDoS attacks during ransom negotiations. These attacks make it harder for the victim to counter the initial ransomware attack, so they are more likely to succumb to the additional pressure to pay up.

Some of the smartest cyber-criminals are well-aware of data privacy regulations in Germany and EU, such as the GDPR. They use their knowledge about non-compliance penalties and fines to blackmail their targets. As part of the blackmail, they threaten to inform regulators about the victim’s legal infringements, which again increases the chances that the victim will pay the ransom.

Software vulnerabilities remain a huge cybersecurity challenge

In the 2021 report, the BSI warns that the mass exploitation of software and hardware vulnerabilities is could result in grave consequences for affected victims. This is worrying because attackers take advantage of these vulnerabilities to leverage new attack vectors and author serious cyberattacks.

The report calls out the serious vulnerabilities in Microsoft Exchange Server that made headlines in March 2021. Before Microsoft issued a patch, attackers exploited at least four security holes in numerous targeted attacks. BSI analyzed many systems and discovered that 98% were vulnerable to exploitation. Following this discovery, the agency raised the threat level to ‘Extremely Critical’ – the second-highest level – for only the third time in its history.


BSI’s 2021 State of IT Security report takes a very realistic view of Germany’s current cyber-threat landscape. Just like many other countries, Germany too is facing new challenges and threats in its cybersecurity and information security landscape. The report details all these challenges with solid numbers and evidence.

More importantly, it provides practical advice on how users and organizations can protect their networks and systems from threat actors. The BSI suggests that a determined global effort is required to stave off the threat of cybercriminals. Only then can we enjoy all the benefits of a digital society and the post-COVID “networked world of work”.

To avoid becoming the next victim, businesses must adopt a posture of detection and response to help mitigate risks within their network environments. Discover how to block every step in the kill chain with our Network Detection & Response Solution. With complete visibility into the ‘attack surface,” you can start to fight back–and beat ransomware gangs at their own game. Learn more.