Trending Topics Cybersecurity – June 2025

Europe's digital sovereignty is increasingly under scrutiny in light of a wave of targeted cyberattacks and growing dependence on foreign IT services. The latest cybercrime report from the German Federal Criminal Police Office (BKA) confirms that the threat level remains high: Hacktivist DDoS attacks on government agencies, public institutions, and critical infrastructure continue to increase, often in the context of geopolitical tensions.

A drastic example of the real consequences of such attacks is the ransomware attack on the British laboratory service provider Synnovis, which led to massive delays in medical care – with the tragic result that a patient died as a result of the disrupted blood test logistics. Over 2,000 treatments had to be postponed or canceled, highlighting the vulnerability of the healthcare system.

Communication and administrative infrastructures are also increasingly being targeted: In Sweden, coordinated DDoS attacks paralyzed central services such as the Bank ID identification system and public broadcasting, while in Mecklenburg-Western Pomerania, police officers had to switch back to analog radio technology after an attack on their service smartphones.

Focus on dependencies and resilience 

At the same time, there is growing concern about the digital sovereignty of German companies, which feel increasingly dependent on US cloud providers. According to Bitkom, 78 percent of companies are calling for a stronger European cloud presence, while the EU is attempting to reduce dependencies and strengthen the resilience of critical infrastructures with initiatives such as its own DNS service “DNS4EU” and the implementation of the NIS 2 Directive. The latter is gaining momentum again in Germany under the new government – an initial draft bill includes the revision of the BSI IT baseline protection framework and stricter documentation requirements for federal authorities.

Current developments show that cyberattacks on healthcare, communications, and government agencies have long been a reality – making the strengthening of digital sovereignty and the consistent implementation of new security standards a central task for the state, the economy, and society.

The Top IT Security Topics in June

BKA cybercrime situation report: Hacktivist DDoS attacks continue to increase

The Federal Criminal Police Office (BKA) has published its latest federal cybercrime situation report. According to the report, the threat level in cyberspace remains high. Hacktivist DDoS attacks on targets in Germany are continuing to increase in the context of geopolitical developments. According to the BKA, the most frequently affected sectors are public authorities, public institutions, the financial sector, and transport companies.

IWD study: Skills shortage jeopardizes cybersecurity in Germany

The shortage of qualified specialists is significantly hindering improvements in cybersecurity in German companies, according to a study by the German Economic Institute. Last year, more than 200,000 cybersecurity-related jobs were advertised. As a countermeasure, companies have increased their spending on cybersecurity by 14 percent to 11.2 billion euros in 2024. However, in many cases, there is also a lack of the necessary skilled workers to make efficient use of the investments made.

Cyberattack on British laboratory service provider leads to death in hospital

Hospital spokesperson announces new findings: A ransomware attack by the hacker group Qilin on the London-based diagnostics service provider Synnovis in June 2024 had serious consequences for medical care. The cyberattack led to significant delays in the evaluation of blood tests, which delayed the treatment of a patient so severely that he died. Overall, patient care was severely affected: According to official figures, the attack resulted in around 1,100 cancer treatments and more than 1,000 operations being postponed and around 2,000 outpatient appointments being canceled.

High dependence of German companies: Concerns about foreign cloud services

German companies are concerned about their dependence on US cloud providers, especially following political developments in the US, which is causing many to rethink their cloud strategies. A survey by Bitkom found that 78 percent of companies consider Germany to be too dependent on foreign providers and would like to see a stronger presence of European cloud services.

Rhineland-Palatinate: Record number of data protection complaints in 2024

The number of formal complaints about data protection violations reached a new high of 1,111 in 2024, representing a 35 percent increase over the previous year. The number of reported data breaches also continued to rise, underscoring the public's increased awareness of data protection. This is according to the activity report on data protection in Rhineland-Palatinate.

Germany makes new attempt to implement the NIS 2 Directive

The implementation of the European NIS 2 Directive is a top priority for the Federal Ministry of the Interior after the original deadline in October 2024 passed and Germany is now facing infringement proceedings. A new draft bill provides, among other things, for a revision of the IT baseline protection and stricter documentation requirements for federal authorities in order to quickly address the shortcomings.

Attack on Czech Foreign Ministry alarms NATO and EU

An attack on the Czech Foreign Ministry, allegedly carried out by the Chinese cyber espionage group APT31, has presumably enabled access to emails of Czech diplomats since 2022 and is causing great concern for NATO and the EU. Both organizations condemned the attack as an unacceptable violation of international norms and declared their solidarity with the Czech Republic, while the EU announced further measures against malicious cyber activities.

Sweden under massive DDoS attacks: Government sounds the alarm

In June, Sweden was the target of coordinated DDoS attacks that focused on key institutions such as the public broadcaster SVT, banks, and the Bank ID identification system, exposing the vulnerability of the country's digital infrastructure. Prime Minister Ulf Kristersson blamed geopolitical tensions and possible state actors and announced increased investment in cybersecurity.

Cyberattack forces police in Mecklenburg-Western Pomerania back to radio devices

Following an attack on the networked service smartphones of the Mecklenburg-Western Pomerania police, many mobile devices are unusable, forcing officers to resort to traditional radio technology to check ID cards or query vehicle owners. The incident is considered a setback for the digitization of the police force, as the attack could compromise sensitive data and the new smartphones will have to remain out of service for the time being.

Due to NATO summit in The Hague: Attacks on Dutch government websites

In the run-up to the NATO summit in The Hague, DDoS attacks were carried out on websites of the NATO regional representation and several municipalities and provinces in the Netherlands. As a result, some sites were temporarily restricted or completely unavailable. The pro-Russian group NoName057(16) claimed responsibility for the politically motivated attacks.

Cyberattack paralyzes telephone systems and web services in South Tyrol

A cyberattack in South Tyrol caused massive disruptions to telephone systems and internet services, affecting the traffic control center, the emergency call center, and the professional fire department, among others. Emergency numbers remained accessible to the public. At the same time, a power outage at a data center in Bolzano caused further outages while authorities worked to restore the systems.

Data of Swiss politicians published on the dark web

Cybercriminals have leaked data from 44 accounts belonging to Swiss politicians. In addition to personal data such as email addresses, telephone numbers, home addresses, dates of birth, and IP addresses, this also includes 78 passwords. Some of those affected had apparently used their work email addresses to register on third-party sites, including age-restricted websites and dating platforms.

Own cybersecurity strategy: Berlin begins implementation of the NIS 2 Directive

Berlin is one of the last federal states to initiate the implementation of the NIS 2 Directive. The Senate Chancellery is responsible for this and will also develop its own cybersecurity strategy for the capital in the future. Berlin-CERT will take on the role of the computer emergency response team, while the strategy will be regularly reviewed and updated to ensure a high level of cybersecurity.

IT security check for municipalities in Rhineland-Palatinate meets with great interest

76 municipalities in Rhineland-Palatinate have already taken advantage of the free IT security check offered by the state to better protect their systems against cyberattacks, and others have expressed interest. However, the check is only a first step toward assessing one's own information security: The biggest challenge remains the consistent implementation of security measures and the recruitment of IT specialists, which is why the state and municipalities are committed to close cooperation.

BSI publishes criteria catalog for secure AI use in public administration

At the 11th Future Congress for State and Administration, the Federal Office for Information Security (BSI) presented a catalog of criteria that defines requirements for the secure integration of generative AI models in administrative applications. The aim is to create a uniform minimum level of security and to provide IT security officers with guidance on the use of AI.

Our data is like a suitcase – but who has the key?

Like TSA-certified suitcases, SSL/TLS-encrypted data can be temporarily opened with a master key. But what if providers from the US hold the key? An article about digital sovereignty and the question of who we should trust in uncertain times.

EU launches its own DNS service, “DNS4EU”

The EU has launched a free DNS service called DNS4EU, which provides youth protection and phishing filters as well as ad blockers and unfiltered DNS resolvers. The project aims to strengthen digital sovereignty and reduce dependence on US providers.