Federal Situation Report Cybercrime 2018 – What should companies know?

Blog Cybersecurity Phishing
Pic Source: Tero Vesalainen via Pixabay

On Monday, the Federal Criminal Police Office published the cybercrime situation report for 2018. It does not give computer users cause to breathe a sigh of relief – on the contrary.

What is the Federal Situation Report Cybercrime?

In the Federal Situation Report Cybercrime, you will find the most important information on the development of cybercrime in Germany. This ranges from digital sabotage and theft of digital identities to the dialling of expensive foreign numbers by exploiting security gaps. The Federal Criminal Police Office (BKA) publishes this kind of comprehensive report on different crime areas once a year. It is based on various sources such as the police crime statistics, but also on studies by public and private institutions.

What was the cybercrime situation in 2018? Rising numbers of cases and growing degree of professionalisation in attacks        

For cybercrime in the narrower sense, the BKA recorded a 1.3 % increase in the number of cases (2018: 87,106 cases, 2017: 85,960 cases) compared to the previous year. This includes offences “directed against the internet, other data networks, information technology systems or their data”. The clearance rate was 38.9 %, which is a slight decrease compared to the previous year (2017: 40.3 %). Due to the suspected high number of unreported crimes, it is all the more important to report possible crimes in order to gain further insights.

Three quarters of all crimes were registered as cases of computer fraud. In most cases, the internet was only used as a means of committing the crime. Thus, it was a matter of cybercrime in the broader sense.

Furthermore, it is pointed out that Germany continues to be an attractive target for cyber criminals due to its high level of development and know-how (especially in business). Attacks, e.g. on small and medium-sized enterprises, are carried out with a high degree of professionalism. Extensive information is collected in advance, which is then used for the attack or the calculation of ransoms.

Which threats should one be prepared for according to the situation report?     

Theft of virtual identities as a gateway

Protect your access data to all online user accounts (e-mail service, online banking, online shops) sufficiently, because the theft of digital identities forms the basis for various other crimes.

And criminals use these means to obtain your access data, for example:

  • Spyware: malware that spies on a user’s or computer’s data and sends it to third parties. You can read more about this and how to protect yourself here.
  • Keylogger: Hardware or software that logs what you type on the keyboard, allowing cybercriminals to read passwords and PIN numbers, for example. You can find out more about this and how to protect yourself here.
  • Social engineering: Interpersonal manipulation with the help of which cyber criminals gain access to other people’s computer systems and sensitive data. You can find out more about this and how to protect yourself here.
  • Formjacking: In this case of attack, online forms on websites are manipulated in such a way that the data entered can be read by criminals.
  • Data leaks: Here, gossiping or disgruntled (ex-)employees are often the wrongdoers. But cybercriminals can also gain access to digital identities unintentionally. For example, if databases connected to the internet are not properly secured (e.g. a simple password) or if the wrong settings are chosen at short notice.

The latest trend: Cybercrime-as-a-service or “I’ll buy a cyber attack”.

In the meantime, not only tech-savvy bad guys are able to initiate a cyber attack, because a cyber attack can now be bought very easily on the Darknet with anonymous payment via cryptocurrency. Interested parties can get the entire project or just individual tools here. The Federal Situation Report explicitly lists the following possibilities:

  • Digital data theft,
  • Offering botnets for various criminal acts,
  • DDoS attacks (more on this below),
  • Malware production and distribution,
  • Trading compromised, sensitive data, e.g. access or payment data,
  • Brokering financial or commodity agents to disguise the origin and security of funds or goods obtained through crime – i.e. digital brokering of stolen goods,
  • Communication platforms for the exchange of criminal know-how, e.g. forums,
    anonymization and hosting services to disguise one’s own identity, and
  • Password-protected digital storage locations for storing illegally obtained data, e.g. passwords and account data.

Some additional services such as malware updates or a kind of customer service are also offered in this context.

Ransomware increasingly targeting small and medium-sized enterprises

In this type of attack, criminals make files, hard drives, computers or entire networks inaccessible to their legitimate users and demand a ransom in order to release the files etc. again. Overall, according to the report, there was a significant decrease in ransomware cases, but for two less pleasant reasons:

Firstly, capacities were shifted to other forms of attack such as cryptojacking (secret and illegal hijacking of computing resources to generate cryptocurrencies) and the like.

On the other hand, there were clear indications that a change in tactics had taken place: instead of spreading the malware widely, targeted professionalized attacks were carried out against companies. According to the situation report, small and medium-sized enterprises are increasingly in the focus.


Botnets also continue to be a major challenge. A bot is a computer program that automatically and independently carries out certain tasks. If several bots network with each other, a botnet is created. Although technically neutral, botnets are mostly set up between computers infected with malware and abused by cybercriminals – without the knowledge of the computer owners. Read more about this and how you can protect yourself here.

DDoS – increase in quality and quantity of attacks on websites

There has also been a renewed increase in the number and quality of Distributed Denial of Services attacks. DDOS attacks aim to deliberately overload a system (most often a website) to such an extent that it can no longer perform its tasks. According to the situation picture, retailers are particularly often affected here and on days that are especially relevant for business (e.g. Black Friday). The motivation of the perpetrators is varied: it can be an act of digital vandalism, a political statement or even a targeted attack by a competitor. This form of attack can also be bought in – the Federal Situation Report cites the example of Webstresser.org. There, a DDOS attack was already available for 15 euros.

Mobile security – the smartphone must also be secured

Due to the widespread use of mobile devices, smartphones, tablets and the like are increasingly being targeted by cybercriminals. The BKA is also observing this trend. The perpetrators are trying to gain access to the devices with tailor-made malware and manipulated apps. Since updates and security measures such as anti-virus software are often neglected on these devices, criminals have an easy game. Even if the main work still takes place on desktop PCs, interesting data is now also stored on mobile devices: E-mails, downloaded documents, access data and much more. According to Symantec, Germany ranks third behind the USA and China in terms of the frequency of infections by mobile ransomware. Phishing attacks are also adapting accordingly – where emails used to be targeted, people are now trying to manipulate people via social networks.

Social Engineering Trends: Technical Support Scam & Sextortion

There are also two new trends in interpersonal manipulation:

Technical Support Scam

In this trick, you are called by a supposed service provider, e.g. Microsoft. In fact, fraudsters are behind the phone call. They tell you about imaginary problems with the computer that require remote access to the device. In this way, you are supposed to be persuaded to download software that is either harmful or even allows you to take complete control of your computer. Our tip: Don’t let yourself be pressured. Find the service provider’s phone number from your records, call them and have them confirm the story.


Sextortion is sexual blackmail. People are blackmailed with alleged recordings showing them consuming porn. Only in return for a monetary payment would the blackmailers refrain from distributing the recordings. In most cases, however, these are mere mass e-mails and no compromising material exists.

Danger through indirect attack methods

The situation report identifies two main sources of danger here


In this type of attack, the malware is not installed on your system from the outside. In contrast, the criminals use existing software/software components (for example, administrator programs or data processing packages) to spy on your data.

Supply chain attack

In this type of attack, third-party programs are pre-infected. In other words, a malicious program is incorporated into what is actually a legitimate program. If you download this unsuspectingly, your own device becomes infected with the malware.

You can find more information in the Federal Situation Report Cybercrime 2018 here.