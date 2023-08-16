Dhe Federal Criminal Police Office (BKA) identified 136,865 cases of cybercrime committed in Germany last year – a decrease of 6.5 percent. The investigators count the spying on data or so-called ransomware attacks. The attackers infiltrate the systems of companies or authorities, encrypt as much important data as possible and then demand a ransom for the return. The BKA explains the decline, among other things, with the easing of the corona measures. The strong increase in online trade and mobile working had increased the attack surface for hackers.

The decline is “not a sign of relaxation,” emphasized BKA Vice President Martina Link when presenting the police crime statistics. She assumes that up to 90 percent of cyber crimes remain in the dark. In addition, the statistics only record crimes committed in Germany. More attacks are coming from abroad – and here the BKA has determined a “constant increase”, last year by 8 percent. The BKA is currently only collecting this data in a pilot project, but it should soon be included in the official evaluations.





Above all, Link is concerned about the increasing quality of the attacks – also thanks to artificial intelligence (AI). This enables even more targeted so-called phishing mails, with which hackers want to steal their victims’ access data. AI can also make it easier to scout out vulnerabilities in the systems of potential victims, a lot of data is openly visible on the Internet and only needs to be analyzed. The increasing professionalism of attackers is also reflected in so-called DDoS attacks, which paralyze systems by overloading the data network. Attackers need less and less time to cause system disruptions.

Just a few seconds make “a huge difference”

This is also shown by an evaluation by the Frankfurt IT company Link11, which specializes in DDoS attacks, which was available to the FAZ before publication. Accordingly, the DDoS attacks in the first half of 2023 reached a critical level after an average of 60 seconds, in 2022 it was 93 seconds. “For the defenders, just a few seconds can make a huge difference,” says Link11 spokeswoman Lisa Fröhlich in an interview with the FAZ







In addition, the IT security company recorded 70 percent more DDoS attacks compared to the same period last year. “One of the biggest drivers are politically motivated attacks,” says Fröhlich. The trigger for this is the Russian attack on Ukraine. Pro-Russian hacker groups such as REvil, Killnet and the new group Anonymous Sudan, which has been active since the beginning of the year, have even formed a hacker collective called Darknet Parliament in order to increase their clout. “These groups are very well organized and work in a highly professional manner,” says Fröhlich. And they are efficient: as soon as they realize that they are unsuccessful, they stop the attacks early.

Hackers combine attack types

The professionalism is also reflected in attacks that are becoming increasingly complex. Attackers are increasingly using so-called multi-vector attacks, in which they attack several vulnerabilities at once. The proportion of such attacks has risen from 35 percent to 52 percent. Link11 notes that cybercriminals are increasingly combining different types of attacks, such as DDoS and ransomware attacks. In doing so, hackers first overload the systems to distract the defenders, and then sneak malware into the system or extract data unnoticed. They then use these to extort ransoms.





However, the blackmailed companies are less and less willing to pay the sums demanded. According to data from the IT security company Coveware, in 2022 only 41 percent of the companies affected by a ransomware attack paid a ransom. In 2019 it was still 76 percent. Accordingly, in 2022, detected ransom payments via cryptocurrencies worldwide fell to $457 million from $766 million in the previous year. BKA Vice President Martina Link also recommends companies not to pay. “It just feeds more money into the criminal ecosystem.”





However, the level of detection of cybercrime remains low. In 2022, the clearance rate stagnated at 29.2 percent. The BKA is therefore increasingly focusing on destroying the hacking infrastructure instead of finding the perpetrators. Countries like Russia, China or North Korea offer shelter to many hacker groups, which makes international criminal prosecution difficult. Instead, the investigators increasingly want to paralyze so-called botnets, i.e. a group of automated malicious programs, or smash illegal marketplaces and financial infrastructures. As an example, Link cited the shutdown of the illegal Darknet marketplace Hydra in April 2022.