AI as a risk factor
BSI sees major threat from cybercrime
As President, Claudia Plattner has presented the BSI's status report on cyber security in Germany for the first time. Her sober assessment is "worrying". She calls for more speed in minimizing the risks posed by artificial intelligence.
Berlin (dpa) - The threat posed by cyber criminals has increased significantly in Germany and could grow even further due to the misuse of AI language models such as ChatGPT. This is the conclusion reached by the German Federal Office for Information Security (BSI) in its latest status report, which covers the period from June 1, 2022 to June 30 of this year. "Overall, the current reporting period showed a tense to critical situation," the authority concludes.
An average of 68 new vulnerabilities in software products were registered every day - around 24% more than in the previous year, according to the report, which was presented in Berlin on Thursday. For example, cyber extortionists exploited two vulnerabilities in file-sharing products to access the data of numerous users in Germany and abroad and then threaten to publish it.
Artificial intelligence as a risk
The BSI warns that the use of artificial intelligence (AI) offers not only opportunities but also risks, for example if the data used to train the AI is manipulated. Such manipulation could be aimed at triggering disinformation campaigns and thus influencing public opinion. The use of AI in programming could also contribute to the multiplication of vulnerabilities. Furthermore, large AI language models represent a vulnerability in themselves "due to their black box character", warns the Federal Office.
For systems in which the outputs of AI language models are converted into actions, it is important that these systems can only act under human control. To this end, queries such as "Do you really want to transfer this personal data to provider XY/cloud storage?" or "Buy/book now for a fee?" should be included.
Hackers choose victims based on a "rational cost-benefit calculation"
The BSI has been noting for some time that criminal hackers are increasingly choosing the path of least resistance and selecting victims who appear easy to attack. "The focus is no longer on maximizing the potential ransom, but on rational cost-benefit calculations," the report states. Small and medium-sized companies, state and local authorities, schools and universities are increasingly falling victim to so-called ransomware attacks.
In a ransomware attack, attackers exploit inadequate data security or other errors to infiltrate systems and encrypt data. The blackmailers then demand a ransom for decryption. Since 2021, the BSI has observed that ransomware attackers are increasingly putting their victims under pressure by publishing captured data on so-called leak sites.
Competitive pressure for cybercriminal services
As more and more cyber criminals are using the "services" of other criminals for their attacks, there is increasing competitive pressure between the providers of this "crime-as-a-service" model. According to the BSI, this competition between cybercriminal groups leads to a maximization of pressure on affected victims.
"States and local authorities must finally strengthen the cyber resilience of public administration and be obliged to implement cyber security measures that are appropriate to the risk," demanded Iris Plöger, Member of the Executive Board of the Federation of German Industries (BDI). Otherwise, the digital and green transformation could be slowed down by cyber attacks.
At least the BSI has some reasonably good news. Regarding the feared hacker attacks by pro-Russian actors after the start of the war, the report states: "In the context of the Russian war of aggression against Ukraine, there was a threat primarily from pro-Russian hacktivist attacks, but these did not cause any lasting damage and are more likely to be seen as propaganda tools." Federal Minister of the Interior Nancy Faeser (SPD) also called on citizens to report hate postings on the internet.
Immense damage caused by cybercrime
According to a study by the digital industry association Bitkom, cybercrime has recently been causing more than 200 billion euros in damage to the German economy each year. If you look at this sum in relation to the federal budget for this year of around 476 billion, the scale of the problem becomes clear, said BSI President Claudia Plattner. This makes it all the more important to finally implement the plans for a central office function of the Federal Office, demanded the head of the authority, who took up her post at the beginning of July.
Faeser emphasized that she was in the process of winning over the federal states for this planned reform. Some of the larger federal states in particular had initially had reservations. However, she was optimistic that an agreement would be reached which would then also be approved by the Bundesrat.
Faeser had been accused of relieving the former BSI President, Arne Schönbohm, of his duties in the fall of 2022 without good reason. Previously, Jan Böhmermann's satirical programme "ZDF Magazin Royale" had made a big issue of Schönbohm's proximity to an association that had come under fire for alleged contacts with Russian intelligence services.













