🎯Cyber criminals are stealing people's identities online, especially in Germany, where the number of attacks has skyrocketed. This means your personal information could be at risk, and companies need to act fast to protect themselves.
What Happened
Europe is facing a growing threat from cyber identity thieves, and the urgency is palpable. According to Darktrace's latest Threat Report for 2026, 58% of attacks in Europe last year originated from compromised cloud accounts or email access. This alarming statistic highlights a shift in tactics, as traditional network breaches now account for only 42% of incidents.
Germany has emerged as the most targeted country, with over half of the reported incidents affecting organizations in the EMEA region. In 2025, Germany experienced a staggering 92% growth in data leaks, tripling the European average. This resurgence marks a return to the high-pressure levels previously observed in 2022 and 2023, with cyber criminals increasingly focusing on the German Mittelstand, which comprises small to medium-sized enterprises.
The manufacturing sector remains particularly vulnerable, as attackers exploit weaknesses in cloud transformation, SaaS usage, and hybrid work models. However, sectors like legal and professional services are also being targeted, as they hold sensitive client data that can yield high extortion payments. This new landscape has blurred the lines of traditional network boundaries, allowing attackers to log in with stolen credentials rather than physically infiltrating systems.
Why Should You Care
This situation affects you directly. Imagine your online bank account being accessed by someone who has your login details. If attackers can log in using valid credentials, they can move freely within a company's systems, making detection incredibly challenging. This means that your personal data, financial information, and even your job could be at risk.
In sectors like healthcare, finance, and energy, the stakes are even higher. For instance, 33% of phishing emails in healthcare targeted privileged users, which could lead to massive data breaches. If these sectors are compromised, it could have serious implications for public safety and trust.
What's Being Done
Experts are sounding the alarm, and organizations need to be proactive. Here are some immediate actions to consider:
- Ensure multi-factor authentication is enabled on all accounts.
- Conduct regular security audits to identify vulnerabilities.
- Train employees to recognize phishing attempts and suspicious activities.
Darktrace is monitoring the situation closely, particularly focusing on groups like Lazarus from North Korea and ShadowPad from China, who are increasingly targeting the manufacturing sector. Meanwhile, the Google Threat Intelligence Group has reported that cyber criminal groups are actively seeking access to German companies, with notable actors like Sarcoma and SAFEPAY targeting businesses across various sectors. As the landscape evolves, expect to see more sophisticated attacks leveraging compromised accounts and exploiting existing vulnerabilities in cloud environments.
The alarming rise in cyber identity theft in Germany indicates a broader trend of increased targeting of small and medium-sized enterprises, emphasizing the need for enhanced security measures across all sectors.
