The State of IT Security in Germany in 2019

Foreword

A number of cyber incidents in recent months and years have shown us once again that cyber security is a key precondition for the success of the digital transformation. If we want to fully exploit the opportunities that digitalisation offers us, we must ensure that we can master its associated risks. German citizens rightly expect that the government will adopt policies to counter the inherent dangers of digitalisation. Here, the German Federal Office for Information Security (BSI) has an increasingly important role to play.

Consumer protection is a matter of particular concern to me. With the First Amendment to the German IT Security Act, we have expanded the BSI's mandate to include consumer protection.

The BSI is itself part of a robust network: to ensure effective protection for citizens, the economy and the state, all public authorities cooperate as part of the National Cyber Response Centre (Cyber-AZ). At the end of June 2019, we decided to develop the Cyber-AZ into a centralised information, cooperation and coordination platform for public authorities. The next step will be to further optimise the cyber situation map and risk assessment for cyber threats. The resulting improvements in the sharing of information will ensure our ability to deliver even more coordinated and rapid responses to cyber attacks in the future.

No matter how well they are run, however, public authorities cannot ensure IT security on their own: this must be seen as a challenge to be met by society as a whole. We will be successful here only if citizens, businesses, researchers and politicians work together on coordinated solutions. In fulfilment of our obligations under the Coalition Agreement, we have therefore launched the National Cyber Security Pact. This brings together all the socially relevant groups, manufacturers, providers, end users and public authorities at every level to share the responsibility for achieving better cyber security.

Special attention is paid here to critical infrastructure (our electricity, water and heating utilities, for example). At all levels of our society, we are dependent on critical infrastructure being available on a continuous basis. Without this infrastructure's systems and services, public life as we know it would cease to exist. Critical infrastructure is in turn dependent on information technology working smoothly and without disruption. To guarantee this, critical infrastructure operators, their member associations and our agencies work together in a secure public-private partnership known as the CIP Implementation Plan (UP KRITIS). Within this partnership, stakeholders can discuss recent incidents, evaluate the cyber security situation, set up crisis management structures and coordinate crisis response teams. This approach is complemented by the duties of operators of critical infrastructure as set out in the BSI Act: these duties also ensure that operators' IT systems meet the very highest security standards.

Alongside critical infrastructure, other parts of the economy also have particular significance for security. We will regulate the requirements for these areas in the First Amendment to the German IT Security Act. In our networked world, we derive immediate benefits from our European and international partners providing a corresponding level of security. We will therefore be supporting steps taken by the EU to improve IT security, as well as an increased level of global dialogue.

The State of IT Security in Germany Report for 2019 clearly shows how the assistance the BSI provides to numerous digitalisation projects, not least the rollout of the 5G mobile network standard, ensures that IT security is accounted for and implemented in these projects from the outset. This is essential for digitalisation projects conducted on this scale. The report clearly underlines the diversity and complexity of the challenges faced in IT security. I will do everything in my power to ensure that we are able to meet these challenges together. At every level of government, digitalisation is being pursued in a way that offers security for us all. This is precisely what the BSI stands for.

Horst Seehofer
Federal Minister of the Interior, Building and Community

Foreword

As our society becomes increasingly interconnected, the digital transformation is now affecting almost every area of our lives. We're becoming faster, smarter and more mobile. At the same time, potential risks and dangers are also on the rise. To ensure the digitalisation of our society is both future-proof and secure, we need to contribute to the design of information security from the outset, whether for the digital transformation of our day-to-day lives or for processes in government administration or business. This 2019 Report analyses the current IT security landscape while looking at a number of actual incidents, including a description of the methods and resources used by the attackers. Specific approaches for improving IT security in Germany are presented, as are a number of strategies and services offered by the BSI. The various entities addressed (the Federal Government, the world of business, society and international partners) will be discussed in detail below.

During the reporting period, the BSI again identified a wide range of critical vulnerabilities, especially in recent chip hardware. The importance of high-quality software and hardware was once again underlined, as was the importance that must be given to security-by-design and security-by-default: both of these basic principles are a sensible and necessary condition to protect consumers and ensure the necessary degree of both security and reliability.

In a related area, the BSI also established that trends that had already been described and forecast in last year's report came to pass in this reporting period. These included the frequency and impact of ransomware attacks, as well as the scope and significance of cases of identity theft. Meanwhile, the ongoing process of digital transformation is strengthening digital dependencies: ultimately, attacks that are capable of rapid, automated propagation can cause widespread economic damage on a global scale, or even endanger human health if they were to occur in the context of self-driving cars or medical systems, to name just two examples.

The structured implementation of IT security in businesses and organisations has never been more important. Our Alliance for Cyber Security (ACS) is the right point of contact here for companies and organisations of any size.

As Germany's national cyber security authority, the BSI implements prevention, detection and response measures to ensure digital information security for the Federal Government, businesses and civil society. Our well-qualified and highly motivated employees in Bonn, Germany (who will soon be joined by a second office in Saxony) work on analysing the current IT security situation, countering threats and increasing the general level of cyber security throughout our society. The BSI not only provides IT security services to the German government; it is also a centre of excellence for questions of cyber security at the national and international levels.

The relentless advance of digitalisation is also reflected in questions of cyber security. The BSI's remit has therefore expanded to include topics such as the new 5G network infrastructure, artificial intelligence, Digital Consumer Protection, a wider scope for consulting services provided to municipal and state actors, and the BSI as a central certification and standardisation body. In taking on a new organisational structure and expanding to include new units and departments with concomitant responsibilities, the BSI has been successful not only in managing the new level of staffing required, but also in meeting its many new challenges.

These cyber security challenges must be addressed at all levels and as a task tackled jointly by the relevant actors, whether with our peers in the EU and NATO or at the German federal, state and municipal level; with operators of critical infrastructure or small or mid-sized enterprises (SMEs); or with long-standing partners in the responsible federal departments and their subordinate public authorities. To pursue the integrated nationwide approach necessary, the BSI works closely with all public authorities involved in the Cyber Response Centre, which is subject to ongoing developments.

Cyber security is a task that must be tackled by society as a whole, and the process starts by improving awareness regarding secure and self-reliant usage of the Internet. The BSI is a service provider and point of contact that makes its wealth of information and advisory services (including a toll-free hotline) available to each and every citizen. With its integrated, nationwide and manufacturer-neutral approach, the BSI serves as a centre of excellence that considers itself as a framer and thought leader for the digital era.

Arne Schönbohm
President of the Federal Office for Information Security

Table of Contents

Forewords
  Foreword from Horst Seehofer, Federal Minister of the Interior, Building and Community
  Foreword from Arne Schönbohm, President of the Federal Office for Information Security
1 Threat Landscape
  1.1 Summary and Assessment of the Threat Landscape
  1.2 Attack Methods and Resources
    1.2.1 Identity Theft
    1.2.2 Malware
    1.2.3 Ransomware
    1.2.4 Distributed Denial of Service (DDoS)
    1.2.5 Botnets
    1.2.6 Spam
    1.2.7 Trends in APT Attacks
    1.2.8 Attack Vectors in a Cryptography Context
    1.2.9 Exploits Using Modern Processor Architectures
2 Solutions and Services for Specific Target Groups
  2.1 Government/Administration
    2.1.1 Threat Landscape for Germany's Federal Administration
    2.1.2 BSI Solutions and Services at the Federal, State and Municipal Levels
  2.2 Industry/Critical Infrastructure
    2.2.1 Threat Landscape for the Industry and Critical Infrastructure
    2.2.2 BSI Solutions and Services for the Industry and Critical Infrastructure (CI)
  2.3 Civil Society/Private Citizens
    2.3.1 Threat Landscape for Civil Society/Private Citizens
    2.3.2 BSI Solutions and Services for Civil Society/Private Citizens
  2.4 International and Research Roundup, Plus Select New Technologies
    2.4.1 International Matters
    2.4.2 Cooperation with Academic Research
    2.4.3 Cryptography
    2.4.4 Blockchain Technology
    2.4.5 Artificial Intelligence
3 Overall Assessment and Summary
4 Glossary/Imprint

1 Threat Landscape

The BSI monitors the IT security threat landscape in Germany on a continuous basis. In this report, it presents its findings from the period 1 June 2018 to 31 May 2019. After a summary of the threat landscape, the methods and resources used by attackers are described in detail, as are the general circumstances and causes. Numerous examples are also used to illustrate how attacks on IT security can adversely affect life in a digitalised society.

1.1 Summary and Assessment of the Threat Landscape

Recent cyber attacks have occurred primarily in the area of cyber crime. One typical example of this was another wave of ransomware attacks at the end of 2018 and the beginning of 2019. A particularly severe incident involved a cyber attack on a Norwegian supplier of aluminium. On 19 March 2019, this supplier suffered a wide-ranging attack utilising the LockerGoga ransomware. Most of the company's business segments were affected, and automated production was largely halted throughout the group. Even this single incident shows that ransomware continues to pose a serious threat and can cause immense damage.

As in previous years, malware infections continue to be one of the biggest IT-related threats to private users, businesses and public authorities. Evidence for this has been provided by the cyber security surveys conducted in 2017 and 2018 by the Alliance for Cyber Security, among others. In 2018, 53% of reported attacks were malware infections (a slight decrease from 57% in 2017).

One piece of malware of note in the reporting period is Emotet. First identified in 2010, this malware has been spreading again since November 2018 with the help of infected Office documents and an increasingly sophisticated set of mechanisms. The fact that Emotet is an evolving piece of code is shown in particular by its new capabilities, such as Outlook harvesting (which involves the analysis of the infected computer's e-mail history), the downloading of other pieces of malware in the context of cooperative and distributed cyber crime, and the use of techniques previously deployed only by Advanced Persistent Threats (APTs).

Incidents of identity theft that involve large volumes of personal data being misused by third parties are also becoming more common. Cases of identity theft utilising smaller volumes of data can nonetheless become critical if perpetrators are able to disclose the victims' personal data to the wider public. Alongside technical solutions, efforts to raise awareness and ensure that users take responsibility for their digital lives are necessary responses to the rise in the misuse of digital identities.

In terms of botnets (clusters of computers or systems that have been infected by a remotely controllable malware program, or bot), the long-term threat landscape remains serious. As recent developments have shown, the risk of becoming part of a botnet is high, especially for mobile end-user devices and Internet of Things (IoT) systems, whose increased deployment and use in almost all areas of our day-to-day lives is offering botnets an ever-expanding set of targets. The comparatively low rate of infection of IoT devices in Germany can be attributed primarily to the typical kinds of Internet connection utilised by German end customers, which are regularly established through a router and do not normally allow external access from the Internet.

Server-based botnets (clusters of servers infected by a remotely controllable malware program) offer a huge pool of resources for the execution of distributed denial of service (DDoS) attacks. DDoS attack bandwidths regularly exceed the 150 Gbps mark, and may even achieve up to 300 Gbps. In general terms, constant specialisation based on the use of new attack vectors, targeted aggregation of DDoS attacks (multi-vector attacks), the deployment of new attack tools (DDoS from the cloud) and DDoS booter services (see DDoS in Section 1.2.4) is providing for a consistently tense threat l