BKA: AI exacerbates threat situation

June 7, 2025

BKA Federal Cybercrime Situation Report 2024: Successful prosecution curbs ransomware wave

The latest Federal Cybercrime Report 2024 published by the BKA paints a mixed picture: while the number of reported ransomware attacks fell slightly to 950 cases, cybercrime committed abroad rose to over 200,000 cases. At €178.6 billion, the damage caused by cyberattacks reached a new high. Particularly worrying is the increasing use of AI by cybercriminals to perfect phishing campaigns and develop malware more efficiently.

At the same time, the BKA has achieved significant investigative successes: international operations such as ‘Endgame’ and ‘Cronos’ have severely restricted the activities of leading ransomware groups. The successful dismantling of marketplaces such as Crimemarket and Nemesis Market and the shutdown of critical malware infrastructures show that the digital space is by no means a legal vacuum. However, Germany remains the fourth most frequent target of ransomware attacks worldwide, with SMEs and critical infrastructure being particularly affected.

Leading IT security experts comment on the latest developments:

Marco Eggerling, Global CISO at Check Point Software

‘The threat of cyber attacks is highly dynamic, increasingly professional and further exacerbated by AI. Cross-border attacks are particularly alarming, as technical protective measures alone cannot stop them. Effective defence requires not only resilient IT, but also close cooperation with security authorities, international collaboration and awareness at all levels. Cyber security has therefore long been a strategic issue for organisations and society as a whole.’

Thomas Müller-Martin, Global Partner Lead at Omada

“The money lost in Germany last year as a result of cybercrime could buy Spotify, Ferrari and Lufthansa. The €178.6 billion in damages estimated by the BKA report is obviously a devastating amount, so the bottom line is that if you don’t protect identities today, you’re opening the door to hackers tomorrow. Identity governance is not a ‘nice-to-have’, but an essential line of defence against a highly professional, internationally active threat environment. Every unmanaged account and every excessive access privilege is a potential gateway. Modern IGA solutions can isolate compromised accounts in seconds. Anyone who takes security seriously must protect and control digital identities intelligently, automatically and consistently.”

Alex Laurie, SVP Global Sales Engineering and Go-To-Market Programs at Ping Identity

“The BKA statistics show impressively that cybercriminals operate globally with over 200,000 crimes committed abroad, using stolen identities as a gateway. Modern CIAM systems must therefore use AI to detect anomalous behaviour in real time – for example, when a German user suddenly logs in from one of the ‘safe haven’ countries mentioned in the report. Zero trust architectures with adaptive authentication are indispensable today.”

Kristian von Mejer, Director Central & Eastern Europe at Forescout

“Statistically speaking, 950 ransomware attacks mean more than two successful attacks every day – and that’s just the officially reported cases. The high number of unreported cases and the focus on OT environments in critical infrastructures require continuous identification, classification and risk assessment of all networked devices. Our platform also automatically identifies and segments unmanaged IoT and OT systems, which often serve as entry vectors.”

Frank Heisel, Co-CEO of RISK IDENT

“The BKA report documents the dangerous convergence of AI and cybercrime: fraudsters are using generative AI for deceptively real identity forgery and social engineering. Our machine learning algorithms analyse behaviour patterns in real time and detect AI-generated fraud attempts based on subtle anomalies. With an average ransomware loss of £277,000, preventive fraud detection is essential.”

Alexander Koch, SVP Sales EMEA at Yubico

‘Successful police operations against phishing infrastructures are important, but the best protection remains prevention. With 82% of all cybercrime cases based on computer fraud, phishing-resistant authentication methods are essential. Hardware security keys offer physical protection that even AI-powered attacks cannot overcome – they require the direct presence of the authorised user.’

Zac Warren, Chief Security Advisor, EMEA at Tanium

“178.6 billion euros in damage caused by cyber attacks – an increase of 20% – underscores the need for proactive endpoint security. Operation Endgame, highlighted in the BKA report, shows that cybercriminals use complex malware chains with multiple loaders. Our autonomous endpoint management platform detects and stops such multi-stage attacks in real time before they can spread laterally.”

Gerald Eid, Regional Managing Director DACH at Getronics

“The increase in foreign offences to over 200,000 cases documented in the BKA report shows that cybercriminals are exploiting the global interconnectedness of workplaces. With 72% of ransomware attacks in double extortion mode, distributed workspace environments are particularly at risk. Our end-to-end workspace security solutions protect the entire digital workplace – from the endpoint to the cloud to the collaboration platform. With our Managed Workplace Services, we offer a cost-effective alternative to setting up in-house security teams, especially for SMEs, which are heavily affected in the report.”

Michael Heuer, Area VP Central Europe/DACH at Keepit

“The success of law enforcement agencies in dismantling ransomware groups is impressive, but 950 successful attacks show that companies need to prepare for the worst. Immutable backups that cannot be altered even if admin rights are compromised are the last line of defence. We offer air-gapped backup solutions, especially for the frequently attacked SaaS applications mentioned in the report.”

Stephan Fauser, Head of Sales, SpaceNet AG

“As a managed service provider, we are following the developments documented in the BKA report with concern: 29,399 DDoS attacks were recorded across Germany – an increase of over 30% on the previous year. Particularly alarming is the increase in the average attack duration to 48 minutes at 1,201 Mbit/s bandwidth. In our certified high-security data centres in Munich, we protect not only our customers’ cloud and AI solutions, but also their entire IT infrastructure with high-performance DDoS protection. In addition, our 24/7 Security Operations Centre (SOC) takes proactive defensive measures as soon as threats are detected.”

Dr Martin Krämer, Security Awareness Advocate at KnowBe4

“The BKA reports a significant increase in phishing, smishing and QR code phishing. Business email compromise, one of the most costly attacks for its victims, is missing, even though this threat is growing worldwide, according to the latest editions of the Verizon Data Breach Investigations Report and the IBM Cost of a Data Breach Report. Attackers are increasingly based abroad, reflecting tense geopolitical relations and shifting international power dynamics. Noteworthy is the concentration of cybercriminals on SMEs (80%), with 72% of attacks using double extortion tactics. As a result, SMEs can no longer afford to leave their employees untrained and uninformed about the threats. Nevertheless, it is encouraging to see law enforcement agencies taking tough action against cybercriminals – something that the public sector industry must support. Ultimately, we must expect to see an increase in more complex AI-enabled attacks, including BEC, video/audio deepfakes and supply chain attacks. While law enforcement agencies are working hard to stop criminal activity, businesses must put the right technologies, processes and training in place for their employees to defend themselves.”

Matthias Canisius, Head of Sales, Mondoo GmbH

“Vulnerabilities remain one of the most important gateways for cybercriminals, alongside phishing. According to Bitkom, the damage caused by this will amount to almost €179 billion in 2024 alone.

This development is further exacerbated by increasing digitalisation, ever closer networking and the lowering of the entry threshold through cybersecurity-as-a-service. The result: the attack surface is constantly growing – and with it the opportunities for crime. One of our central tasks – today and in the future – will therefore be to consistently close these gateways. The goal must be to prevent attacks from happening in the first place. The early and active use of effective protection mechanisms that work even in complex and mature IT landscapes without impairing operational activities will be a crucial component of future security strategies.”

Jörg Vollmer, General Manager, Field Operations, DACH & CEE at Qualys

“The BKA’s 2024 Federal Cybercrime Report shows that IT vulnerabilities – alongside phishing and other techniques – play a central role in cyber attacks. On average, 15 vulnerabilities were actively exploited every month, often including particularly critical zero-day gaps. At the same time, the financial damage caused by cyber attacks reached a new high of 178.6 billion euros. These figures suggest that companies urgently need to align their IT security architectures with security by design in order to minimise vulnerabilities as early as the development phase. It is also essential to continuously record all IT assets and systematically check them for security risks. Centralised, risk-based vulnerability management enables companies to quickly and specifically identify and remedy those risks that are actually critical, given the thousands of new security vulnerabilities reported each year. Compliance-driven industries such as financial services, healthcare, telecommunications and manufacturing, as well as operators of critical infrastructure (KRITIS), are particularly challenged in this regard. Only a consistent and proactive strategy that combines continuous monitoring, prioritisation of cyber risks and integrated security design can effectively protect companies from the increasingly complex threats fuelled by AI.”

Peter Machat, Senior Director EMEA Central at Armis

“The results make it clear that despite international investigative successes such as Operation Endgame, the threat of cyber attacks remains high – especially for critical infrastructure. The increasing use of AI by attackers and a lack of transparency about connected devices are further exacerbating the situation.

The latest Armis Cyberwarfare Report shows that Germany is particularly vulnerable in international comparison – especially in sectors such as energy supply, healthcare and public administration. These sectors use an above-average number of outdated or unsecured OT systems, which often serve as entry points for targeted attacks.

Without complete visibility and continuous risk analysis of all networked assets, vulnerabilities remain undetected for a long time and provide gaps that threat actors can exploit. A holistic security strategy that integrates IT, OT, IoT and building management systems and maps them in real time is essential today. The BKA report makes it clear that digital resilience is no longer a distant goal for the future – it is an immediate necessity.”
