The warnings of a vulnerability in Microsoft Exchange are drawing ever wider circles. In addition to Microsoft, the White House and, in this country, the Federal Office for Information Security (BSI) is a warning. Attackers are said to have penetrated important systems around the world.
The known recent vulnerability in the Microsoft Exchange Server Ver-si-o-NEN 2013, 2016 and 2019 is becoming a global problem and a major crisis for companies and authorities. A hacking group, presumably close to the government, from China called "Hafnium", is actively exploiting the vulnerability. There is a security update from Microsoft, but the companies and institutions concerned have to install it themselves. As a result, time is pressing and the likelihood of attack increases.
BSI boss: "The situation is serious"
The BSI boss Arne Schönbohm had confirmed to " Zeit Online " that they were very concerned about the security situation and that there had been attacks on federal authorities: "The situation is serious. We have thousands of open systems in Germany that have not been secured and attackers still open. " He made it very clear where this could lead. Schönbohm fears data theft on a large scale. In addition, production could be affected, so that a number of systems from a wide variety of industries could come to a standstill.
The problem is that attackers can access all of the content from the mailboxes of those affected. The authentication can also be bypassed from a distance, which then enables free access to the content. It is also possible for attackers to install code that will allow them access even after the system has been patched later. This makes the security gap and the attacks incalculable at the moment.
Zehntausende Exchange-Server in 🇩🇪 sind laut @shodanhq übers Internet angreifbar und wohl schon infiziert. Betroffen sind Organisationen jeder Größe. Das BSI hat begonnen, potenziell Betroffene zu informieren. Infos hier: 🔗https://t.co/BQbx7eQC0l #DeutschlandDigitalSicherBSI pic.twitter.com/QAozsNRYkA
— BSI (@BSI_Bund) March 5, 2021
According to a report by the news magazine Bloomberg, the number of victims of attacks on the Exchange vulnerability continues to rise rapidly worldwide. It is still unknown whether these are only hafnium attacks or whether other cybercriminals are now also exploiting the vulnerability.
Security specialists around the world are currently noticing targeted attacks. These are driven automatically in order to hack as many targets as possible. Microsoft initially had no evidence that private customers were also attacked. Initially, the hackers' goals were primarily research institutions on infectious diseases, universities and companies with defense contracts. But now the attacks are being spread automatically as much as possible.
European Banking Authority attacked
The European Banking Authority became one of the latest victims, as it announced on Sunday. Access to personal information via email on the Microsoft server may have been compromised. Reports of attacks on electricity providers, retirement homes and food producers have come from the USA.
Microsoft warned on Wednesday that the four previously not publicly known vulnerabilities were being exploited by alleged Chinese hackers and has since been working to stop the attacks. There are already at least 60,000 known victims of the attack worldwide - but it could be a good ten times as many. The investigations are still at the very beginning, because many companies may not have even noticed the break into their system. Only quick updates could stop the hackers now.
0 Comments