Trending Topics Cybersecurity – September 2025

Cyberattacks are having an increasingly massive impact on the German economy: as the digital association Bitkom explains in its new study "Wirtschaftsschutz 2025", the damage caused by cybercrime has exceeded the 200 billion euro mark for the first time in the past 12 months.

The horrendous losses are due to an increasingly aggravated threat situation caused by geopolitical influences, in which cyber actors are launching ever more targeted attacks. In addition to ransomware attacks, the main causes of damage are DDoS attacks, malware, phishing, brute force and code injection. Two out of three companies are certain that attackers are increasingly relying on artificial intelligence to optimize and disguise their attacks.

The critical dimensions that a cyberattack can assume in an emergency are currently demonstrated by the production downtime at Jaguar Land Rover (JLR). The automotive group has been struggling for around a month with the consequences of a cyberattack that brought all production in the UK, Slovakia, Brazil and India to a standstill. The damage caused by the incident is estimated at several hundred million euros - many of JLR's suppliers see their existence threatened.

Europe's digital capacity to act is massively at risk

The existential importance of digital sovereignty in Europe is made clear in a recently published interview with Trevor H. Rudolph - the former head of the White House Cyber and Security Unit. The security expert outlines possible scenarios in which transatlantic digital supply chains could collapse abruptly. Such a collapse would pose a significant threat to Europe's ability to act digitally.

The acute threat to digital supply chains is also increasingly being perceived as a problem by German IT managers. Due to the unpredictability of the US administration, every second German company sees itself forced to adapt its strategy and supply chains due to geopolitical risks.

The Top IT Security Topics in September:

German economy: Damage caused by cyberattacks rises to over €200 billion

Three out of four companies have recorded an increase in cyberattacks over the past 12 months, and half of all companies see their existence threatened. These and other findings are the subject of the new Bitkom study “Wirtschaftschutz 2025.” As the industry association reports in the study, the economic damage caused by cyberattacks has risen to over €200 billion per year for the first time. In addition to traditional attacks, AI-supported attacks are also responsible for this, which, according to 66 percent of the experts surveyed, are being used more frequently.

5.8 million IP addresses: huge DDoS botnet identified

Security researchers warn of a rapidly expanding DDoS botnet that can now coordinate attacks from around 5.8 million IP addresses. Since March of this year, the network has already more than quadrupled in size. So far, this cyber weapon has been used primarily in attacks on government agencies. The devices infiltrated for the botnet are located around the globe, but the majority of the malicious traffic originates from Brazil, Vietnam, the US, and Argentina.

Prompt injection: ChatGPT divulges sensitive data

Security researchers have identified a critical security vulnerability in the large language model ChatGPT. The flaw allowed attackers to retrieve sensitive information from emails using a combination of different prompt injection techniques. The attack is carried out via hidden prompts in an HTML email. As soon as the victim logs into ChatGPT after receiving the prepared email, the LLM executes the injected commands and sends data from connected email accounts and databases to the attackers. The security vulnerability was reported to the operator OpenAI on June 18, but was not officially communicated as fixed until September 3.

Mobile phone numbers of top German politicians appear at data brokers

According to research by Der Spiegel, personal data, including mobile phone numbers, of cabinet members and government agency heads is available from data brokers on the internet. This includes, for example, the numbers of Chancellor Friedrich Merz and BSI President Claudia Plattner. The BSI has been informed of the incident and is in contact with the Federal Criminal Police Office to assess the situation and take possible measures.

US kill switch – is Europe facing a digital blackout?

Trevor H. Rudolph, warns that a US kill switch could block European access to key cloud services, thereby massively jeopardizing the continent's digital capabilities. Since around 80% of the European cloud market is controlled by US giants Google, Microsoft, and Amazon, he is calling for the rapid expansion of a separate European sovereign cloud. Without such independent infrastructures, Europe remains vulnerable to the sudden shutdown of critical digital services.

South Korea: Data center fire cripples over 600 e-government services

A fire at a data center belonging to South Korea's National Information Resources Service has put more than 600 e-government services out of operation. The fire was caused by technicians who were replacing a lithium-ion battery. Social media is abuzz with discussions about the Seoul government's dependence on a single data center. In Germany, the Federal Audit Office criticized the security standards of federal data centers in July, pointing out that there was a lack of redundancy for critical government services.

Cyberattack halts production at Jaguar Land Rover

On August 31, a cyberattack completely paralyzed the Jaguar Land Rover (JLR) automotive group: All plants in the UK, Slovakia, Brazil, and India are at a standstill, causing losses of several hundred million euros and putting severe strain on supply chains. Meanwhile, the UK government is under pressure to provide financial support to around 700 suppliers, while JLR is still working to resume production.

Cyber espionage: Police arrest two Dutch teenagers

Dutch police have arrested two 17-year-olds who were allegedly recruited by Russian intelligence services to spy on the headquarters of European law enforcement agencies. One of the teenagers was observed with a “Wi-Fi sniffer” near Europol headquarters and the Canadian embassy.

Attack paralyzes European airports

A cyberattack on IT service provider Collins Aerospace has crippled electronic check-in and baggage handling systems at several European airports, including BER, Brussels, Dublin, and London Heathrow. Due to the system failures, passengers had to be checked in manually, resulting in delays and flight cancellations – particularly at BER during the Berlin Marathon.

137 million euros in damages: British consumer cooperative hit by cyberattack

6.5 million compromised user accounts and 137 million euros in damages: these are the consequences of a cyberattack on the British consumer cooperative Co-op. The cyberattack resulted in millions of members' data being stolen from the organization. To limit the damage, parts of the IT system were temporarily shut down, which, however, caused disruptions to ongoing operations. Co-op primarily operates supermarkets, but is also active in the financial services and funeral sectors.

DDoS attack cripples Finnish Ministry of Defense website

An overload attack has led to the temporary shutdown of the Finnish Ministry of Defense's website. Public access to the information and services provided on the site was disrupted for several hours. According to a spokeswoman for the ministry, it is not yet clear who is behind the attack.

KRITIS umbrella law passed by the Federal Cabinet

The Federal Cabinet has passed the KRITIS umbrella law, which is intended to implement EU requirements for critical infrastructures in Germany. This includes, among other things, a risk assessment for hybrid threats. Critics complain that the new requirements of the law do not apply to large parts of the federal administration and that state administrations are completely exempt.

Interpol confiscates nearly $440 million from cybercriminals

Interpol, together with investigators from 40 countries, including Germany, has dealt a major blow to international cybercrime as part of Operation Haechi VI. Investigative authorities in several countries have successfully cracked down on cybercriminal activities, seizing approximately $439 million in assets. Police worldwide blocked more than 68,000 bank accounts linked to online fraud and money laundering and froze nearly 400 crypto wallets.

Preventive protective measures deter cybercriminals – focus of attacks shifts to SMEs

According to a recent study by Allianz Insurance, there is a noticeable trend reversal in the targets chosen by cybercriminals: attackers are less likely to target well-secured corporations and more likely to target small and medium-sized enterprises. Although these companies tend to have fewer assets, in most cases their protective measures are also significantly less robust.

SSL/TLS termination: Focus on compliance and trust

In order to uncover veiled attacks and accelerate website content in a targeted manner, providers of protection and CDN services must decode encrypted traffic. This technical requirement makes the choice of service provider a question of compliance and trust.