Our third Germany Threat report reveals a paradox. In contrast with a global average of 90%, only 70% of the security professionals we surveyed in Germany said the volume of cyberattacks targeted at their organisation had increased over the past year. This is a significant drop on the 99% that had seen attack volumes increase in our October 2019 report. Nevertheless, it is not all good news. The attacks that occurred were more sophisticated than ever before.
The most frequent attack type experienced was fileless attacks, such as living off the land, PowerShell and WMI attacks, showing adversaries are prioritising gaining undetected network access as a beach head for further malicious activity and lateral movement. However, when establishing causes of successful breaches, organisations need to look closer to home; process weaknesses and out of date security were factors in 37% of actual breaches.
73% of German organisations have suffered a breach as a result of a cyberattack in the last year.
Our research revealed significant variations in the cyber threat environment organisations are experiencing, dependent on their size. Most notably, SMEs with between 501-1000 employees appear to be sitting firmly in an attacker sweet spot. These are companies that don’t typically have the budgets or in-house resources of their larger counterparts, but who nevertheless have highly valuable data and digital assets that are ripe for theft or extortion. They are facing a significantly greater increase in attack volumes and sophistication growth compared with smaller and larger organisations.
Perhaps this is because they’re already supporting multiple security technologies. Respondents are operating an average of more than eleven different consoles or agents to manage their security programme. This indicates a security environment that has evolved reactively as security tools have been bolted on to tackle emerging threats, not built-in. This has resulted in siloed, hard-to-manage environments that hand the advantage to attackers from the start. As cyber threat sophistication continues to grow, it is time for rationalisation, strategic thinking and clarity over security deployment.
Among SMEs fileless attacks are the most commonly witnessed attack type.
All but one of our survey participants anticipated an increase in spend.
51% say they will need to increase security spending and controls.
The sudden global shift to homeworking due to COVID-19 has both increased cyberattack activity and exposed some key areas for security teams to address and learn from going forward. Our COVID-19 research has found that the predominant gaps identified in disaster recovery planning revolve around communication with external parties such as customers, prospects and suppliers, as well as challenges enabling the remote workforce and communicating with employees.
Fileless attacks such as living off the land, PowerShell and WMI attacks topped the table in Germany, accounting for a fifth (20%) of all attacks. This indicates adversaries’ campaigns to infiltrate networks undetected and achieve lateral movement. The frequency of fileless attacks has leaped exponentially since the October 2019 report. Then, just 9% of attacks were of this type, and the vast majority (74%) originated from custom malware.
Now, custom malware is in second place, seen in 12% of attacks and Google drive (cloud-based attacks), take third spot, comprising 11% of attacks.
Financial services companies saw most fileless attacks (43% of the total), while government and local authority organisations experienced more custom malware attacks on average, comprising 32% of attacks on this sector.
Over a third reported very significant gaps in disaster recovering planning in IT operations.
91% of all global respondents stated that they had seen an increase in overall cyberattacks as a result of employees working from home.