The weak points in Microsoft’s e-mail architecture may initially have been exploited by secret services. But now they are becoming a welcome source of income for all types of hackers.
Hackers are exploiting the weak points in Microsoft’s Exchange Server email architecture en masse. After the company initially identified a Chinese hacker group as the originator, more and more cybercriminals have been jumping on the bandwagon since the vulnerabilities became known.
The Federal Office for Information Security (BSI) announced in an analysis on Wednesday that “several groups of perpetrators” exploited the vulnerabilities and that their attacks were directed “en masse against thousands of targets”, “apparently worldwide”.
While the initial attacks were presumably politically motivated, the BSI considers it plausible that more and more financially motivated hackers are now exploiting the vulnerabilities. It is possible that they will soon deploy encryption software on a “relatively large scale” across numerous systems in order to blackmail victims.
The American cybersecurity agency CISA also announced that hackers exploited the vulnerabilities “extensively and indiscriminately”. The latest victims of cyberattacks include the Norwegian Parliament and the Spanish Employment Service, which is responsible for unemployment and social security benefits. There have also been reports of successful attacks from Switzerland.
Tens of thousands of organizations are affected in the United States, and security specialist FireEye identified retailers and city councils as victims. In addition, hackers in America managed to gain access to 150,000 surveillance cameras around the world.
25,000 systems in Germany still unprotected
In Germany, the BSI recently said that, of several federal authorities suspected of being affected, two were “actually affected”. The office did not provide any further details. BSI President Arne Schönbohm said that up to 60,000 systems were affected in Germany at the time the security vulnerabilities became known.
“As far as the BSI is aware, around 25,000 of these are still vulnerable today,” explained the BSI boss. “However, every vulnerable system is too much and can lead to damage.” Since the weekend, around 100 affected companies, small and large, have reported to the authorities.
The Norwegian parliament announced on Wednesday that it had been attacked via the Exchange vulnerabilities. Data had been downloaded from the IT system. “The situation is currently unclear and we do not yet know the full extent of the attack,” said the head of the parliamentary administration.
In Spain, the cyber attack on the SEPE employment office paralyzed its electronic headquarters and website. On Wednesday it was unclear whether there was a connection with the Exchange vulnerabilities. According to press reports, a malicious program was used that encrypted the systems. Cyber criminals use such programs to blackmail victims, demanding a ransom to restore the systems.
SEPE director Gerardo Gutiérrez said the administration and payment of social benefits as well as unemployment and short-time work benefits would not be affected. In addition, no personal data was leaked. According to various sources, all computers in the more than 700 offices around the country are affected by the malware – including the laptops of employees who are currently working from home. A total of 8,000 people work for SEPE.