Manufacturing industry is target No. 1

Var Group report on cyber-attacks on German companies and organizations published

 

Munich, June 24, 2025 – Var Group's cyber security competence center, Yarix, has analyzed cyber-attacks on German companies and organizations in 2024. In a report published for the first time, the “Country Report on the Cyber Threat Landscape: Germany,” Var Group presents its findings: According to the report, German companies and organizations were primarily victims of distributed denial of service (DDoS) and web defacement attacks, as well as ransomware attacks in 2024. The sectors most affected were manufacturing, retail and e-commerce, as well as government agencies and law enforcement authorities.

The analysis was conducted by the Yarix Cyber Threat Intelligence (Yarix CTI) team, which is part of Yarix, the Var Group's cybersecurity competence center. It is based on cyber events recorded between January 1 and December 31, 2024, that targeted companies, institutions, and organizations based in Germany. To this end, the Yarix CTI team collected threat intelligence data from open sources (OSINT) and closed sources (CLOSINT), such as underground cybercrime communities and covert investigations by threat intelligence analysts.

The results of the analysis, including detailed statistics, descriptions, classifications, and background information on the threat situation, as well as hypotheses on possible risk scenarios in Germany for 2025, have been summarized in the “Country Report on the Cyber Threat Landscape: Germany” for 2024, which is now available for download at www.vargroup.de/CTI-Report-DE.

 

DDoS/web defacement and ransomware attacks are the biggest threat

The Yarix CTI team classified the attacks observed in its analysis into six main categories: Most (36.4 percent) were DDoS and web defacement (see info box). Ransomware attacks were also a major problem for German companies and organizations in 2024: 27.7 percent of the attacks observed can be assigned to this category. The ransomware attacks against companies in Germany in 2024 accounted for 2.88 percent of all incidents of this type recorded by the Yarix CTI team in the 118 countries analyzed. This put Germany among the top five countries most affected by ransomware incidents in 2024. Other threats during the observation period included data leaks (14.6 percent), threats from leads (8.3 percent), unauthorized access (8.1 percent), and initial access brokers (4.9 percent). The Yarix CTI team also identified a total of 24 industries in Germany that were affected by cyber-attacks in 2024. At the top of the list, with 13.1 percent of the attacks observed, is the manufacturing industry, followed by retail and e-commerce (12.2 percent) and government, administration, and law enforcement (11.8 percent). This is followed by attacks on cross-sector companies (7.9 percent), transportation (6.9 percent), consulting (5.5 percent), IT (5.3 percent), news, media, and blogs (5.1 percent), finance (5.1 percent), and energy (4.5 percent).

 

“Government websites frequently attacked”

However, the companies and organizations in the listed industries did not face attacks from all threat categories equally. According to the report, DDoS and web defacement were particularly prevalent (29.1 percent) among government, administration, and law enforcement agencies. “Such attacks are often carried out by hacktivist groups – i.e., hacker groups that carry out their attacks for political, social, or ideological motives,” explains Hartmut Mersch, Managing Director of Yarix in the DACH market. The goal of hacktivist groups is to fuel social conflicts and protest against a government's domestic or foreign policy agenda. “DDoS and web defacement attacks are therefore often used to attack government websites in order to paralyze them or spread false information,” explains Mersch. Other industries particularly affected by DDoS/web defacement were transportation (12.8 percent) and manufacturing (10.1 percent).

 

German manufacturing industry targeted by ransomware attacks

Ransomware attacks hit the manufacturing industry hardest by far (30.2 percent). This was followed by consulting (11.8 percent), IT (8.1 percent), and construction (8.1 percent). "In the manufacturing industry, even short IT outages have enormous consequences, for example if they cause a production chain to fail. Every minute costs a lot of money, which is why companies are quick to pay the ransom,“ explains Mersch. ”This makes the manufacturing industry a popular target for cybercriminals."

Small companies with 11 to 100 employees (55.2 percent) were also particularly affected by ransomware attacks. They are followed by medium-sized companies with 101 to 500 employees (25.0 percent) and “enterprise” companies with more than 1,001 employees (11.1 percent). "In many small companies, IT is not as high a priority as it is in large companies. In addition, employee knowledge of IT security is often insufficient. This makes them particularly vulnerable,“ explains Mersch. There is rarely an understanding of the extent of cyberattacks, especially ransomware. As a result, they tend to deal with cybersecurity in a reactive rather than preventive manner. ”However, this is particularly tragic for small businesses, as they do not have the budgets for security measures or professional incident response," Mersch continues.

 

Cyber-attacks peak in November and December

Looking at the timeline of attacks recorded over the course of the year, the YCTI team found a fluctuating distribution of threats observed across most months of the year, with a clear peak in November and December 2024. DDoS and web defacement attacks were concentrated in certain months that corresponded to foreign policy initiatives by the German government in the geopolitical context of 2024. These included, for example, support for Ukraine and Israel. In addition, peaks in such attacks were also recorded during important domestic political events and protests, such as the protests by German farmers in January. Another reason for the increase at the end of the year is the high-revenue period for retail and e-commerce before Christmas. Mersch explains: “If a cybercriminal really wants to hurt an online store, they will attack during this period – from Black Friday to Christmas.”

 

“Cybersecurity will become an economic advantage”

The Yarix CTI team concludes its report for 2024 with an assessment of possible threat scenarios for cybersecurity in Germany in 2025. It rates the risk of DDoS and web defacement attacks as well as the risk of ransomware attacks against German targets as high. “The results suggest that cybersecurity will become an economic advantage in the future,” emphasizes Mersch. “Standards and certifications that go beyond future legal requirements such as NIS2 will build trust among customers – and influence business decisions accordingly.” Small businesses in the manufacturing industry and retail/e-commerce, as well as government, administrative, and law enforcement agencies, should consider cybersecurity a high priority.